[PATCH] auvirt: a new tool for reporting events related to virtual machines

Steve Grubb sgrubb at redhat.com
Mon Jan 16 15:36:18 UTC 2012


On Monday, January 16, 2012 08:05:31 AM Marcelo Cerri wrote:
> Just some few questions:
> 
> What did you mean by "a security report"? Just another section or a
> separated mode?

Probably a mode, because its data is not going to fit neatly into columns and 
look like a nice organized report.


> Wouldn't it be a problem to put the time field in the end of the
> resource records? It'd be like that:
> 
> res   guest-name-2   root  mem    "?"    "1048576"     Wed Jan 11 15:23 - 15:24 (00:01)
> start guest-name-2   root  Wed Jan 11 15:23 - 15:24 (00:01)
> 
> Or like that:
> 
> res   guest-name-2   root  mem    "?"    "1048576"     Wed Jan 11 15:23 - 15:24 (00:01)
> start guest-name-2   root                              Wed Jan 11 15:23 - 15:24 (00:01)

Like the second one, so that like fields line up vertically. I'd try to make things 
line up vertically as much as possible even if there is blank space. (We might 
think of something later to add like perhaps the host machine name.)

-Steve


 
> On 01/13/2012 05:23 PM, Steve Grubb wrote:
> > Hello,
> > 
> > On Friday, January 13, 2012 12:25:05 PM Marcelo Cerri wrote:
> >> These are some output examples of auvirt. What do you think?
> > 
> > I think you are on the right track.
> > 
> >> I just added a "--full" option because libvirt can generate several
> >> resource events and this can make the output confusing.
> > 
> > Hmm. Why not call it --resource if its a resource specific report? Full
> > to me implies everything for all guests.
> > 
> >> $ ./auvirt
> >> start guest-name-1    root    Tue Jan 10 11:05
> >> stop  guest-name-1    root    Tue Jan 10 11:39
> >> start guest-name-2    root    Wed Jan 11 15:23
> >> start guest-name-2    root    Wed Jan 11 16:28
> >> start guest-name-1    root    Wed Jan 12 19:47
> > 
> > Why not collapse these into 1 line like last that shows a duration?
> > 
> > start guest-name-1    root    Tue Jan 10 11:05 - 11:39 (00:34)
> > 
> > Do you have any samples for when a guest is paused and restarted? I would
> > also collapse those into a line showing the duration of the pause.
> > 
> > pause guest-name-1    root    Tue Jan 10 11:15 - 11:30 (00:15)
> > 
> >> $ ./auvirt --show-uuid
> >> start guest-name-1 fb4149f5-9ff6-4095-f6d3-a1d03936fdfa root    Tue Jan 10 11:05
> >> stop  guest-name-1 fb4149f5-9ff6-4095-f6d3-a1d03936fdfa root    Tue Jan 10 11:39
> >> start guest-name-2 f937029b-93ca-4e13-b40b-663f46323503 root    Wed Jan 11 15:23
> >> start guest-name-2 f937029b-93ca-4e13-b40b-663f46323503 root    Wed Jan 11 16:28
> >> start guest-name-1 fb4149f5-9ff6-4095-f6d3-a1d03936fdfa root    Wed Jan 12 19:47
> >> 
> >> $ ./auvirt --summary # keep the same behaviour
> >> 
> >> $ ./auvirt --uuid fb4149f5-9ff6-4095-f6d3-a1d03936fdfa
> >> start guest-name-1    root    Tue Jan 10 11:05
> >> stop  guest-name-1    root    Tue Jan 10 11:39
> >> start guest-name-1    root    Wed Jan 12 19:47
> >> 
> >> $ ./auvirt --vm-name guest-name-2
> >> start guest-name-2    root    Wed Jan 11 15:23
> >> start guest-name-2    root    Wed Jan 11 16:28
> > 
> > Maybe it will be easier on admin's fingers to just call the above option
> > --vm? I like shorter names if they make sense and are unambiguous.
> > 
> >> $ ./auvirt --full --uuid f937029b-93ca-4e13-b40b-663f46323503
> >> res   guest-name-2    root    Wed Jan 11 15:23    disk    "?"    "/images/guest-2.img"
> >> res   guest-name-2    root    Wed Jan 11 15:23    vcpu    "0"    "4"
> >> res   guest-name-2    root    Wed Jan 11 15:23    net     "?"    "52:54:00:DB:AE:B4"
> >> res   guest-name-2    root    Wed Jan 11 15:23    mem     "?"    "1048576"
> >> start guest-name-2    root    Wed Jan 11 15:23
> >> avc   guest-name-2    root    Wed Jan 11 19:49    read    "/images/guest-2.img"    denied
> >> res   guest-name-2    root    Wed Jan 11 15:23    mem     "1048576"    "2097152"
> >> stop  guest-name-2    root    Wed Jan 11 16:28
> > 
> > I would separate avcs and anomalies into a security report. Then for the
> > resource section, I would rearrange the fields so the time is at the end
> > and then show the duration so you collapse 2 lines (assignment and
> > disposal) into 1 line.
> > 
> > For things that are disposed of at shutdown, you can just put "down" like
> > last does when users are logged out by the system shutdown.
> > 
> > Overall, I think this is heading in the right direction.
> > 
> > Thanks,
> > 
> >   -Steve
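The report layout discussed in this thread (start/stop and pause/resume pairs collapsed into one line with a duration, resource assignment and disposal collapsed the same way, "down" for resources still assigned when the guest shuts down, and the time fields at the end so like columns line up), as an added example that is not auvirt's own code. The event tuples are constructed sample input, and their shape is an assumption of this example, not the audit record format.

```python
from datetime import datetime
# Constructed sample events (not real audit records): kind, guest, user,
# timestamp, and for "res" the resource type plus old/new value ("?" = none).
EVENTS = [
    ("start", "guest-name-1", "root", "2012-01-10 11:05"),
    ("pause", "guest-name-1", "root", "2012-01-10 11:15"),
    ("resume", "guest-name-1", "root", "2012-01-10 11:30"),
    ("stop", "guest-name-1", "root", "2012-01-10 11:39"),
    ("res", "guest-name-2", "root", "2012-01-11 15:23", "mem", "?", "1048576"),
    ("start", "guest-name-2", "root", "2012-01-11 15:23"),
    ("res", "guest-name-2", "root", "2012-01-11 15:24", "mem", "1048576", "2097152"),
    ("stop", "guest-name-2", "root", "2012-01-11 16:28"),
]

def span(t1, t2, label=None):  # 'Wed Jan 11 15:23 - 15:24 (00:01)'; label replaces the end time
    start = t1.strftime("%a %b %d %H:%M")
    if t2 is None:                       # never closed within the log
        return start
    mins = int((t2 - t1).total_seconds() // 60)
    return f"{start} - {label or t2.strftime('%H:%M')} ({mins // 60:02d}:{mins % 60:02d})"

def collapse(events):  # pair opening/closing events into (kind, guest, user, rtype, value, span)
    open_, rows = {}, []             # open_ keys: (guest, kind) or (guest, rtype, value)
    def close(key, t, label=None):   # a close with no matching open is ignored
        if key in open_:
            seq, kind, guest, user, rtype, value, t1 = open_.pop(key)
            rows.append((seq, (kind, guest, user, rtype, value, span(t1, t, label))))
    for seq, ev in enumerate(events):
        kind, guest, user = ev[:3]
        t = datetime.strptime(ev[3], "%Y-%m-%d %H:%M")
        if kind in ("start", "pause"):
            open_[(guest, kind)] = (seq, kind, guest, user, "", "", t)
        elif kind == "resume":
            close((guest, "pause"), t)
        elif kind == "stop":         # still-assigned resources end with "down", like last(1)
            for key in [k for k in open_ if k[0] == guest and len(k) == 3]:
                close(key, t, "down")
            close((guest, "start"), t)
        elif kind == "res":          # old value disposed, new value assigned
            rtype, old, new = ev[4:7]
            close((guest, rtype, old), t)
            if new != "?":
                open_[(guest, rtype, new)] = (seq, "res", guest, user, rtype, new, t)
    for key in list(open_):          # still running at the end of the log
        close(key, None)
    return [row for _, row in sorted(rows)]   # lines ordered by when they opened

def report(events):  # fixed-width columns so like fields line up even when blank
    fmt = "%-5s %-14s %-6s %-5s %-10s %s"
    return "\n".join(fmt % (k, g, u, r, f'"{v}"' if v else "", w)
                     for k, g, u, r, v, w in collapse(events))
```

Running `print(report(EVENTS))` prints one line per interval, with the second memory value ending in "down" because it was still assigned when guest-name-2 stopped.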