What is A System Call Logger ?
A system call logger is basically a bunch of routines which catch the actual system calls and redirect those calls to own functions. It's obvious that you can do whatever you want in your own functions. In this particulair case we wanted to timestamp the read and write calls such that every read and write to a socket was time stamped.
How Does It Work ?
By the use of macro substitution the affected systemcalls are caught, and redirected to own routines. Every time the program does one of the affected calls, it invokes one of the logging routines. The logging routines store the timestamps in a circulair buffer, and will subsequently call the appropriate system call. Every time the time stamp buffer fills up it will be written to disk automatically. A simple tool called view_data is provided which shows the information recorded.
How to Link Against My Application ?
Simple, just provide the defines noted in defines as CFLAGS argument to the make file and that'll do it in most cases. (Don't forget to link in instsock.o of course.) In case this won't work or just does not seem to function, you can include the file kludge.h into the parts of the application which do the system calls. The defines replace the following calls / functions :The last two ones are caught to make sure the circulair buffer gets written to disk. All the calls are preceded by 'log_'. The data files generated by the logging utility are named with the process id with extension '.dat'
Where Can I Get It ?
Click on the above link and you'll donwload it. If that does not work you can ftp it from our anonymous ftp site ftp.ittc.ku.edu in the directory /pub/software/instapp/instapp-1.0.tar.gz.
In case you still have questions, you can send mail to Steve Pennington or Roel Jonkman.
This development is funded by the Information Technology Office (ITO) of the Defesnse Advanced Research Projects Agency (ARPA) as a part of the ACTS ATM Internetwork (AAI) project.