root / plugins / system / selinux_avcstats @ c29d25a8
Historique | Voir | Annoter | Télécharger (3,17 ko)
| 1 |
#!/bin/sh |
|---|---|
| 2 |
# |
| 3 |
# Plugin to monitor SELinux's Access Vector Cache (AVC). |
| 4 |
# |
| 5 |
# config (required) |
| 6 |
# autoconf (optional - used by munin-config) |
| 7 |
# |
| 8 |
# Lars Strand, 2007 |
| 9 |
# |
| 10 |
# |
| 11 |
# Magic markers (used by munin-config and some installation scripts (i.e. |
| 12 |
# optional)): |
| 13 |
#%# family=auto |
| 14 |
#%# capabilities=autoconf |
| 15 |
|
| 16 |
|
| 17 |
AVCSTATS="/selinux/avc/cache_stats" |
| 18 |
|
| 19 |
if [ "$1" = "autoconf" ]; then |
| 20 |
if [ -r $AVCSTATS ]; then |
| 21 |
echo yes |
| 22 |
exit 0 |
| 23 |
else |
| 24 |
echo no |
| 25 |
exit 1 |
| 26 |
fi |
| 27 |
fi |
| 28 |
|
| 29 |
if [ "$1" = "config" ]; then |
| 30 |
|
| 31 |
echo "graph_title SELinux's Access Vector Cache" |
| 32 |
echo 'graph_args -l 0 --base 1000' |
| 33 |
echo 'graph_vlabel AVC operations' |
| 34 |
echo 'graph_category system' |
| 35 |
|
| 36 |
echo 'lookups.label lookups' |
| 37 |
echo 'lookups.type DERIVE' |
| 38 |
echo 'lookups.min 0' |
| 39 |
echo 'lookups.max 1000000000' |
| 40 |
echo 'lookups.draw AREA' |
| 41 |
echo 'lookups.colour ff0000' # Red |
| 42 |
echo 'lookups.info Number of access vector lookups. This number is a good indicator of the load beeing placed on the AVC.' |
| 43 |
|
| 44 |
echo 'hits.label hits' |
| 45 |
echo 'hits.type DERIVE' |
| 46 |
echo 'hits.min 0' |
| 47 |
echo 'hits.max 1000000000' |
| 48 |
echo 'hits.draw STACK' |
| 49 |
echo 'hits.colour 0022ff' # Blue |
| 50 |
echo 'hits.info Number of access vector hits.' |
| 51 |
|
| 52 |
echo 'misses.label misses' |
| 53 |
echo 'misses.type DERIVE' |
| 54 |
echo 'misses.min 0' |
| 55 |
echo 'misses.max 1000000000' |
| 56 |
echo 'misses.draw STACK' |
| 57 |
echo 'misses.colour 990000' # Darker red |
| 58 |
echo 'misses.info Number of cache misses.' |
| 59 |
|
| 60 |
echo 'allocations.label allocations' |
| 61 |
echo 'allocations.type DERIVE' |
| 62 |
echo 'allocations.min 0' |
| 63 |
echo 'allocations.max 100000000' |
| 64 |
echo 'allocations.draw STACK' |
| 65 |
echo 'allocations.colour ffa500' # Orange |
| 66 |
echo 'allocations.info Number of AVC entries allocated.' |
| 67 |
|
| 68 |
echo 'reclaims.label reclaims' |
| 69 |
echo 'reclaims.type DERIVE' |
| 70 |
echo 'reclaims.min 0' |
| 71 |
echo 'reclaims.max 1000000000' |
| 72 |
echo 'reclaims.draw STACK' |
| 73 |
echo 'reclaims.colour 00aaaa' # Darker turquoise |
| 74 |
echo 'reclaims.info Number of current total reclaimed AVC entries. If this keeps changing, you may need to increase the cache size (/selinux/avc/cache_threshold).' |
| 75 |
|
| 76 |
echo 'frees.label frees' |
| 77 |
echo 'frees.type DERIVE' |
| 78 |
echo 'frees.min 0' |
| 79 |
echo 'frees.max 1000000000' |
| 80 |
echo 'frees.draw STACK' |
| 81 |
echo 'frees.colour 00ff7f' # Spring green |
| 82 |
echo 'frees.info Number of free AVC entries.' |
| 83 |
|
| 84 |
exit 0 |
| 85 |
fi |
| 86 |
|
| 87 |
if [ -r $AVCSTATS ]; then |
| 88 |
awk ' NR > 1 {
|
| 89 |
lookups += $1; |
| 90 |
hits += $2; |
| 91 |
misses += $3; |
| 92 |
allocations += $4; |
| 93 |
reclaims += $5; |
| 94 |
frees += $6; |
| 95 |
} END {
|
| 96 |
print "lookups.value " lookups; |
| 97 |
print "hits.value " hits; |
| 98 |
print "misses.value " misses; |
| 99 |
print "allocations.value " allocations; |
| 100 |
print "reclaims.value " reclaims; |
| 101 |
print "frees.value " frees; |
| 102 |
} ' < $AVCSTATS |
| 103 |
else |
| 104 |
echo "lookups.value U" |
| 105 |
echo "hits.value U" |
| 106 |
echo "misses.value U" |
| 107 |
echo "allocations.value U" |
| 108 |
echo "reclaims.value U" |
| 109 |
echo "frees.value U" |
| 110 |
fi |