111 lines
3.2 KiB
Plaintext
111 lines
3.2 KiB
Plaintext
|
#!/bin/sh
|
||
|
#
|
||
|
# Plugin to monitor SELinux's Access Vector Cache (AVC).
|
||
|
#
|
||
|
# config (required)
|
||
|
# autoconf (optional - used by munin-config)
|
||
|
#
|
||
|
# Lars Strand, 2007
|
||
|
#
|
||
|
#
|
||
|
# Magic markers (used by munin-config and some installation scripts (i.e.
|
||
|
# optional)):
|
||
|
#%# family=auto
|
||
|
#%# capabilities=autoconf
|
||
|
|
||
|
|
||
|
AVCSTATS="/selinux/avc/cache_stats"
|
||
|
|
||
|
if [ "$1" = "autoconf" ]; then
|
||
|
if [ -r $AVCSTATS ]; then
|
||
|
echo yes
|
||
|
exit 0
|
||
|
else
|
||
|
echo no
|
||
|
exit 1
|
||
|
fi
|
||
|
fi
|
||
|
|
||
|
if [ "$1" = "config" ]; then
|
||
|
|
||
|
echo "graph_title SELinux's Access Vector Cache"
|
||
|
echo 'graph_args -l 0 --base 1000'
|
||
|
echo 'graph_vlabel AVC operations'
|
||
|
echo 'graph_category system'
|
||
|
|
||
|
echo 'lookups.label lookups'
|
||
|
echo 'lookups.type DERIVE'
|
||
|
echo 'lookups.min 0'
|
||
|
echo 'lookups.max 1000000000'
|
||
|
echo 'lookups.draw AREA'
|
||
|
echo 'lookups.colour ff0000' # Red
|
||
|
echo 'lookups.info Number of access vector lookups. This number is a good indicator of the load beeing placed on the AVC.'
|
||
|
|
||
|
echo 'hits.label hits'
|
||
|
echo 'hits.type DERIVE'
|
||
|
echo 'hits.min 0'
|
||
|
echo 'hits.max 1000000000'
|
||
|
echo 'hits.draw STACK'
|
||
|
echo 'hits.colour 0022ff' # Blue
|
||
|
echo 'hits.info Number of access vector hits.'
|
||
|
|
||
|
echo 'misses.label misses'
|
||
|
echo 'misses.type DERIVE'
|
||
|
echo 'misses.min 0'
|
||
|
echo 'misses.max 1000000000'
|
||
|
echo 'misses.draw STACK'
|
||
|
echo 'misses.colour 990000' # Darker red
|
||
|
echo 'misses.info Number of cache misses.'
|
||
|
|
||
|
echo 'allocations.label allocations'
|
||
|
echo 'allocations.type DERIVE'
|
||
|
echo 'allocations.min 0'
|
||
|
echo 'allocations.max 100000000'
|
||
|
echo 'allocations.draw STACK'
|
||
|
echo 'allocations.colour ffa500' # Orange
|
||
|
echo 'allocations.info Number of AVC entries allocated.'
|
||
|
|
||
|
echo 'reclaims.label reclaims'
|
||
|
echo 'reclaims.type DERIVE'
|
||
|
echo 'reclaims.min 0'
|
||
|
echo 'reclaims.max 1000000000'
|
||
|
echo 'reclaims.draw STACK'
|
||
|
echo 'reclaims.colour 00aaaa' # Darker turquoise
|
||
|
echo 'reclaims.info Number of current total reclaimed AVC entries. If this keeps changing, you may need to increase the cache size (/selinux/avc/cache_threshold).'
|
||
|
|
||
|
echo 'frees.label frees'
|
||
|
echo 'frees.type DERIVE'
|
||
|
echo 'frees.min 0'
|
||
|
echo 'frees.max 1000000000'
|
||
|
echo 'frees.draw STACK'
|
||
|
echo 'frees.colour 00ff7f' # Spring green
|
||
|
echo 'frees.info Number of free AVC entries.'
|
||
|
|
||
|
exit 0
|
||
|
fi
|
||
|
|
||
|
if [ -r $AVCSTATS ]; then
|
||
|
awk ' NR > 1 {
|
||
|
lookups += $1;
|
||
|
hits += $2;
|
||
|
misses += $3;
|
||
|
allocations += $4;
|
||
|
reclaims += $5;
|
||
|
frees += $6;
|
||
|
} END {
|
||
|
print "lookups.value " lookups;
|
||
|
print "hits.value " hits;
|
||
|
print "misses.value " misses;
|
||
|
print "allocations.value " allocations;
|
||
|
print "reclaims.value " reclaims;
|
||
|
print "frees.value " frees;
|
||
|
} ' < $AVCSTATS
|
||
|
else
|
||
|
echo "lookups.value U"
|
||
|
echo "hits.value U"
|
||
|
echo "misses.value U"
|
||
|
echo "allocations.value U"
|
||
|
echo "reclaims.value U"
|
||
|
echo "frees.value U"
|
||
|
fi
|