martinpitt / fatrace

report system wide file access events
GNU General Public License v3.0

fatrace not collecting data generated by dovecot #22

Closed ituxmx closed 1 year ago

ituxmx commented 2 years ago

I'm trying to identify IO issues on the path where I have the mail files (/var/spool/vmail), a filesystem is created for this specific purpose; if I explore the path through the terminal I can see commands like ls, cp, rm, but when a new file is created by dovecot/smtp processes the information is not collected by fatrace.

The process I identify as reading during the iowait is dovecot/lmtp.

Is it possible to enable the monitoring using fatrace to identify the servers being created/read by dovecot or smtp servers? Thanks in advance.

martinpitt commented 2 years ago

> when a new file is created by dovecot/smtp processes the information is not collected by fatrace.

Do you get any events from dovecot on your /var/spool/vmail/ file system? Or does dovecot somehow manage to evade fanotify?

How do you call fatrace? Which distribution/version are you using? Please also copy&paste the output of uname -a -- kernels before 5.1 reported less information (they don't support FAN_REPORT_FID).

martinpitt commented 2 years ago

> servers being created/read by dovecot or smtp servers

That's not what fanotify does; this only monitors file system activity. To see that, you need to look at the log files (possibly increase debug level), and in the worst case, use strace to monitor all network/socket actions.

ituxmx commented 2 years ago

Hi Martin, sorry for the delay. Shared the information required.

> Do you get any events from dovecot on your /var/spool/vmail/ file system?

I get events from dovecot; the path /var/spool/vmail is the workspace used by dovecot and postfix to store the mail logs.

> Or does dovecot somehow manage to evade fanotify?

I have no idea how fanotify works, but when I run iotop I can see that the storage is used by the dovecot process.

> How do you call fatrace?

cd /var/spool/vmail; fatrace -c

> Which distribution/version are you using?

CentOS 7.9

> Please also copy&paste the output of uname -a

Linux cmail.intunet.co.uk 3.10.0-1160.62.1.el7.x86_64 #1 SMP Tue Apr 5 16:57:59 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

martinpitt commented 2 years ago

> CentOS 7.9

Ah yes -- that is way too old for FAN_REPORT_FID support -- so that kernel does not report directory create/file move etc. events. You'll only get open/read/write/close.

> I get events from dovecot

So what do they look like?

martinpitt commented 1 year ago

No reply in two months, and CentOS 7 is really old.
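
The kernel check behind the answers above, as an added example that is not part of the original thread or of fatrace itself: a POSIX shell helper that reads a kernel release string and applies the 5.1 threshold for FAN_REPORT_FID given by the maintainer. The function names are hypothetical, and the check assumes an upstream-style version number, so vendor kernels with backported features are not detected.

```shell
#!/bin/sh
# Added example (not from the fatrace project). Function names are hypothetical.
# Assumption: the release string starts with "major.minor", as `uname -r` prints.

# kernel_has_report_fid RELEASE
#   returns 0 if RELEASE is 5.1 or newer (FAN_REPORT_FID available),
#   1 if it is older, 2 if the string cannot be parsed.
kernel_has_report_fid() {
    release=$1
    case "$release" in
        *.*) ;;                       # need at least "major.minor"
        *) return 2 ;;
    esac
    major=${release%%.*}              # text before the first dot
    rest=${release#*.}                # text after the first dot
    minor=${rest%%[!0-9]*}            # leading digits of the remainder
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in '') return 2 ;; esac
    if [ "$major" -gt 5 ]; then
        return 0
    elif [ "$major" -eq 5 ] && [ "$minor" -ge 1 ]; then
        return 0
    fi
    return 1
}

# expected_events RELEASE
#   prints the event classes the thread says such a kernel reports.
expected_events() {
    rc=0
    kernel_has_report_fid "$1" || rc=$?
    case "$rc" in
        0) echo "open read write close create move" ;;
        1) echo "open read write close" ;;
        *) echo "unknown"; return 2 ;;
    esac
}

# Release string quoted in the thread, then the local kernel.
expected_events "3.10.0-1160.62.1.el7.x86_64"
expected_events "$(uname -r)" || true
```

On the reporter's CentOS 7.9 kernel this prints only the open/read/write/close classes, which matches the missing file-creation events described in the issue.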