Auditing and monitoring is an important system facility, both as an aid in monitoring correct system operation and as a means of detecting security problems. We present a monitoring architecture that allows one to examine the behaviour of programs and the operating system to quickly identify the root causes of program errors or performance bottlenecks. The system should be reliable, extensible and efficient. That is: (i) the system can be used safely not only by the super user but also by any normal user; (ii) programmers can write different auditing programs for different tasks; (iii) auditing should not impose too much performance overhead. We have designed and implemented a prototype that allows one to write monitors which receive all events of interest, selected by an event specification and a process specification.
The monitor itself is simply an arbitrary process which receives events and deals with them. Although the prototype is currently neither complete nor optimized, we can already compare our system with some related existing systems. Preliminary experimental results show that the current implementation is 8 to 200 times faster than other monitoring systems.
Key Words: Internal Control Systems, Enterprise Resource Planning (ERP) systems.