This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.
Hi,

We are two students at Aalborg University that are trying to make an application intrusion detection system, and we would like to be notified of any system calls that an application tries to do.

We noticed SystemTap, and while it seems to be capable of what we want, we would like not to use relayfs for receiving the information, as that will make us unable to get a one-to-one mapping of system calls and notifications. We would like if the application at most can do one system call before we know of it.

So my question is this: Is there any way to access the information that SystemTap probes directly from kernel space, without using relayfs?

Thanks in advance for any help.

Kind regards,
Lasse Bigum