Download Now Free registration required
System monitoring provides a useful pre-emptive solution to the problem of gathering information about how a system behaves at run-time for post-hoc analysis by system administrators and forensic experts. However, existing techniques are insufficient to support post-hoc event reconstruction in large-scale systems. The authors propose a distributed trace-based system monitor that permits the correlation of actions within and between hosts in the monitored domain where users specify policy defining either interesting or potentially unsafe events in a system that are, nevertheless, permitted for reasons of usability.
- Format: PDF
- Size: 331.49 KB