
Linux system call event collection and caching device and method

A system call event collection technology, applied in hardware monitoring, special data processing applications, redundant data error detection in computing, etc. It solves the problems of affecting performance, lacking a data caching function, and being unable to be deployed online in real time, and achieves the effect of improving operating efficiency and reducing memory copy operations.

Active Publication Date: 2020-08-28
广州锦行网络科技有限公司

AI Technical Summary

Problems solved by technology

[0015] To solve the technical problems in the prior art, namely that existing solutions cannot be deployed online in real time, affect performance, and have no data caching function, the present invention provides a Linux system call event collection and caching device and method.


Examples


Embodiment 1

[0108] The invention provides a Linux system call event collection device, illustrated here by taking the collection of accept system call events as an example (in Linux systems, system call events are in practice sometimes called system events, sometimes system calls, and sometimes abbreviated to calls or events; all of these refer to a system call event). The device includes:

[0109] The system call event collection module, which is used for collecting and processing system call event information and includes the sysdig-probe kernel driver module.

[0110] The sysdig-probe kernel driver module is used to collect system call event information and includes the sysdig-probe filter module and the sysdig-probe event serialization module. It is a secondary development based on the open source sysdig and uses Linux character device driver technology to register the trace points of all system call events as probe functions in driver form; when the accept system call event oc...

Embodiment 2

[0130] The present invention provides a Linux system call event caching device, which is described by taking the caching of the accept system call event as an example, and the device includes:

[0131] The system call event cache module, which comprises the sysdig-userspace layer; the sysdig-userspace layer comprises an SQLite file database;

[0132] The system call event cache module is used to cache system call event information. The sysdig-userspace layer reads the accept system call event information collected by the above collection device and stores the system call event information in the SQLite file database. The sysdig-userspace layer reads the binary accept system call event information collected by the above collection device from the memory shared with the sysdig-probe kernel driver module and, according to the file descriptor type socket in the accept system call, classifies the binary system call event infor...

Embodiment 3

[0150] The invention provides a Linux system call event collection device and a Linux system call event cache device. The collection device includes a sysdig-probe kernel driver module, and the cache device includes a sysdig-userspace layer. The sysdig-probe kernel driver module in the collection device and the sysdig-userspace layer in the cache device share memory using Linux memory mapping technology. The sysdig-probe kernel driver module in the collection device processes the collected system call event information, such as accept, and stores it in the shared memory; the sysdig-userspace layer in the cache device reads the accept and other system call event information collected by the collection device from the shared memory and, after processing, stores it in the SQLite file database.

[0151] The present invention is based on the deep secondary development technology of the open-source sysdig an...
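The pipeline described in Embodiments 1 to 3 (serialize events into a shared mapping, read them in userspace, cache them in SQLite), as an added sketch that is not code from the patent or from sysdig. The record layout, the event-type code and the table name are hypothetical, an anonymous `mmap` stands in for the driver's shared buffer, and Python's `sqlite3` module stands in for the SQLite C API the patent names.

```python
import mmap
import sqlite3
import struct

# Hypothetical record layout (not sysdig's real ring-buffer format):
# u64 timestamp_ns, u32 pid, u16 event_type, u16 payload_len, then payload bytes.
HDR = struct.Struct("<QIHH")
EVT_ACCEPT = 1  # constructed event-type code for accept

def producer_write(buf, events):
    """Stand-in for the kernel driver: serialize events into the shared region."""
    off = 0
    for ts, pid, etype, payload in events:
        if off + HDR.size + len(payload) > len(buf):
            break  # region full: drop the event rather than overrun the buffer
        HDR.pack_into(buf, off, ts, pid, etype, len(payload))
        buf[off + HDR.size:off + HDR.size + len(payload)] = payload
        off += HDR.size + len(payload)
    return off  # number of bytes in use

def consumer_read(buf, used):
    """Userspace reader: parse records in place, never trusting payload_len."""
    off, out = 0, []
    while off + HDR.size <= used:
        ts, pid, etype, plen = HDR.unpack_from(buf, off)
        end = off + HDR.size + plen
        if end > used:
            break  # truncated or corrupt record: stop instead of reading past 'used'
        out.append((ts, pid, etype, buf[off + HDR.size:end].decode("utf-8", "replace")))
        off = end
    return out

def cache_events(db, records):
    """Store accept events in one transaction per batch."""
    db.execute("CREATE TABLE IF NOT EXISTS accept_events(ts INTEGER, pid INTEGER, peer TEXT)")
    rows = [(ts, pid, peer) for ts, pid, etype, peer in records if etype == EVT_ACCEPT]
    with db:
        db.executemany("INSERT INTO accept_events VALUES (?, ?, ?)", rows)
    return len(rows)

def run_demo():
    shm = mmap.mmap(-1, 4096)  # anonymous mapping in place of the driver's mmap'd buffer
    sample = [(1000, 4242, EVT_ACCEPT, b"192.0.2.10:51514"),   # constructed sample events
              (2000, 4242, 2, b"ignored"),
              (3000, 77, EVT_ACCEPT, b"198.51.100.7:40022")]
    records = consumer_read(shm, producer_write(shm, sample))
    db = sqlite3.connect(":memory:")
    cache_events(db, records)
    shm.close()
    return db.execute("SELECT ts, pid, peer FROM accept_events ORDER BY ts").fetchall()

if __name__ == "__main__":
    print(run_demo())
```

The bounds check in `consumer_read` is the part that matters for a monitoring agent: a length field read from shared memory is validated against the bytes actually in use before any slice is taken.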


Abstract

The invention provides a Linux system call event collection and caching device and method, belonging to the field of computer security. Based on the sysdig-probe kernel driver module of the sysdig project, it adds a sysdig-probe filter module and a sysdig-probe event serialization module for collecting system call event information. Linux memory mapping technology is adopted: the sysdig-userspace layer and the sysdig-probe kernel driver module share memory, and the sysdig-userspace layer reads the shared memory data. The system call event information is stored in an SQLite cache database through the high-performance, real-time SQLite C API. With this device and method, system call events are collected and stored in real time, and online deployment of Linux system call event monitoring is realized.

Description

Technical field

[0001] The invention relates to the field of computer security, in particular to a Linux system call event collection and caching device and method.

Background technique

[0002] Linux is a family of Unix-like operating systems that are free to use and freely distributed. It is a multi-user, multi-tasking, multi-threading and multi-CPU (central processing unit) operating system. Linux is open source software with stable system performance. Its core firewall components are highly efficient and easy to configure, making it more and more widely used in many enterprise networks. Linux is used by network operation and maintenance personnel not only as a server but also as a network firewall.

[0003] Linux kernel development and debugging or daily operation and maintenance analysis requires the monitoring of Linux system behavior, which is a special concern of development and operation and maintenance personnel. At present, most Linux system behavior monitoring is...


Application Information

IPC(8): G06F11/30, G06F11/14, G06F16/2455
CPC: G06F11/1451, G06F11/302, G06F11/3072, G06F11/3086, G06F16/24552
Inventor: 吴建亮, 胡鹏, 王建荣
Owner: 广州锦行网络科技有限公司