> Why not use the Solaris audit facility?

Several reasons:

(1) We want the history to follow the data, not the host. If you export the pool from one host and import it on another, we want the command history to move with the pool. That won't happen if the history file is somewhere in /etc or /var.

(2) For correctness, we want the record of the command to be written in the same transaction group as the action it causes. That way there's no ambiguity about whether a given command did or did not complete before something bad happened.

Jeff

On Thu, May 04, 2006 at 12:39:59AM -0700, Jeff Bonwick wrote:
> > Why not use the Solaris audit facility?
>
> Several reasons:
>
> (1) We want the history to follow the data, not the host. If you
> export the pool from one host and import it on another, we want
> the command history to move with the pool. That won't happen
> if the history file is somewhere in /etc or /var.
>
> (2) For correctness, we want the record of the command to be written
> in the same transaction group as the action it causes. That way
> there's no ambiguity about whether a given command did or did not
> complete before something bad happened.

OK, that makes a lot of sense. But you'd still want to audit, no?

Nicolas Williams wrote:
> On Thu, May 04, 2006 at 12:39:59AM -0700, Jeff Bonwick wrote:
>>> Why not use the Solaris audit facility?
>> Several reasons:
>>
>> (1) We want the history to follow the data, not the host. If you
>> export the pool from one host and import it on another, we want
>> the command history to move with the pool. That won't happen
>> if the history file is somewhere in /etc or /var.
>>
>> (2) For correctness, we want the record of the command to be written
>> in the same transaction group as the action it causes. That way
>> there's no ambiguity about whether a given command did or did not
>> complete before something bad happened.
>
> OK, that makes a lot of sense. But you'd still want to audit, no?

Why? The 'ex' class already deals with that, and auditing of file system stuff is done elsewhere. I think this project is complementary to Solaris BSM Audit.

--
Darren J Moffat