[EROS-Arch] Error logging
Jonathan S. Shapiro
shap@eros-os.org
Wed, 26 Sep 2001 10:16:22 -0400
> > > 3. In a decomposed system, how useful is an audit log?
> >
> > I think it will help people gain confidence that the system is working
as
> > it is supposed to be working.
>
> You still have to define what happens when it fills, and I say kill it
> or block it (configurably)...
Blocking here is very problematic. For example, the audit entry saying "a
foobar namex 0x1509 just got created" should be issued by the constructor,
not the object, and we definitely don't want the constructor to block, nor
should constructions needed for recovery programs block.
This is a much deeper design problem than we have had an adequate
opportunity to explore. I think the audit log must not block, but must be
"deep" enough not to overflow easily, much as UNIX error logs work.