openlog is a kernel patch for Linux 2.6.x that records the sequence of all successfully opened files on a given system, from boot to shutdown. Logging is controlled via the logfiles=1 kernel parameter. Its primary use is to optimize the LiveCD boot sequence and minimize cold-start application load times by ordering files on special-purpose file systems such as romfs or squashfs.
It is packaged as a set of disjoint patches (see patches/) that apply cleanly against all 2.6 kernels from kernel.org (so-called "vanilla" kernels). Openlog should be easy to include in all recent kernels, including pre-patched versions.
Grab any Linux 2.6 kernel source tree.
Identify the version, and apply the patch under patches/ that most closely matches your kernel. Each patch there applies cleanly against the kernel it is named after (for instance, patches/2.6.16.diff is for stock Linux 2.6.16). A typical patching procedure looks like:
cd /path/to/kernel/source && patch -p1 < /path/to/openlog-patch.diff
Recompile your kernel. If you want to avoid kernel ring buffer collisions (and therefore loss of information) during boot, you might want to change CONFIG_LOG_BUF_SHIFT (Kernel hacking -> Kernel debugging -> Kernel log buffer size) to a larger value such as 18 (2^18 = 256 KB).
Done! Add a logfiles=1 parameter to your bootloader's kernel invocation whenever you want to activate it: all successfully opened files should then be logged for as long as the kernel is running. You may wish to use the included openlog.py script later on to process openlog kernel output (see ./openlog.py --help).
Once openlog is built into the kernel and activated via the logfiles=1 kernel parameter, the kernel emits a single new log entry every time a file is successfully opened. Such a line looks like this once recorded in the system logs:
Jun 10 03:07:18 yourhost FILE /dev/null
For your convenience, a Python script called openlog.py is provided with openlog (Python >= 2.3 required). It is flexible enough to identify, test, sort and format openlog output for all the most common tasks. By default, the script is set to turn the logged entries into sort files compatible with the mksquashfs tool. The full openlog.py command line description is:
usage: openlog.py [options] [input_file]

Identify, test, sort and format syslog or dmesg entries generated by openlog.
Default input_file is standard input. Typical use for mksquasfs sort file
creation would be:
  cat /path/to/log | openlog.py --root=/path/to/livecd > sort_file.txt

options:
  -h, --help            show this help message and exit
  -r ROOT, --root=ROOT  root directory to prepend to file names (default is
                        to use the real root). This is performed once and
                        for all before any other test, sort or output
                        formatting on filenames. This is chiefly useful when
                        working with chrooted environments
  -o OUTFILE, --output=OUTFILE
                        output file (default is standard output)
  -t TEST, --test=TEST  test expression for file filtering. Any
                        boolean-evaluable Python expression will do, where
                        the filename string will replace all occurence of
                        the arobas symbol. Default is `isfile(@)', that only
                        accepts existing regular files. Use `True' to
                        perform no filtering at all, or `isdir(@) or
                        isfile(@)' to accept both existing directories and
                        regular files. Alternatively, TEST can be the path
                        to an external script that should accept the
                        filename as the only argument and returns 0 to
                        indicate selection; when no filename is given, the
                        script must also returns 0 (of course, this might be
                        significantly slower than inline expressions)
  -k, --keep-duplicate  keep repeated files (default is not to). Please note
                        that no sorting is performed by this: original files
                        ordering is preserved.
  -s MODE, --sort-mode=MODE
                        sort mode (default value is `reverse'). Valid values
                        are `plain' (no sort, files listed in order of
                        occurence), `reverse' (files listed in inverse order
                        of occurence) and `alpha' (files listed by
                        alphabetic order)
  -f FORMAT, --format=FORMAT
                        enumeration formatter (default is `@\t#'). Specify
                        the output format: the arobas symbol is replaced by
                        the filename, and the cardinal is replaced by the
                        rank of the file in the file list after an eventual
                        sort. If you use for instance `@', only the filename
                        will be printed
  -e START, --enum-start=START
                        rank of the first file (an integer, default is 1).
                        It has no effect unless the enumeration formatter
                        uses ranking (see option --format)
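The pipeline the help text describes (prepend root, test, drop duplicates, sort, rank), as an added Python 3 example; it is not the project's openlog.py. The SAMPLE_LOG lines are constructed, the function names are hypothetical, the FILE-marker pattern and the keep-first-duplicate choice are assumptions, and the file test is passed as a callable rather than as an evaluated expression.

```python
import os
import re

# Constructed sample in the log format shown above (not real captured output).
SAMPLE_LOG = """\
Jun 10 03:07:18 yourhost FILE /etc/ld.so.cache
Jun 10 03:07:18 yourhost FILE /lib/libc.so.6
Jun 10 03:07:18 yourhost FILE /dev/null
Jun 10 03:07:19 yourhost FILE /lib/libc.so.6
Jun 10 03:07:19 yourhost sshd[412]: Server listening on 0.0.0.0 port 22.
Jun 10 03:07:20 yourhost FILE /etc/passwd
"""

# Assumption: an openlog entry is the "FILE" marker followed by an absolute path.
ENTRY = re.compile(r"(?:^|\s)FILE (/.*)$")

def opened_files(log_text):
    """Yield logged paths in order of occurrence, skipping unrelated lines."""
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if m:
            yield m.group(1)

def sort_entries(log_text, root="", keep=os.path.isfile, mode="reverse",
                 keep_duplicates=False, start=1):
    """Return (path, rank) pairs following the documented option semantics."""
    # --root: prepended before any test, sort or formatting.
    paths = [root.rstrip("/") + p for p in opened_files(log_text)]
    # --test: a callable predicate here; the default mirrors `isfile(@)'.
    paths = [p for p in paths if keep(p)]
    if not keep_duplicates:
        # Assumption: the first occurrence of a repeated file is the one kept.
        paths = list(dict.fromkeys(paths))
    if mode == "reverse":
        paths.reverse()
    elif mode == "alpha":
        paths.sort()
    elif mode != "plain":
        raise ValueError("unknown sort mode: %r" % mode)
    return [(p, rank) for rank, p in enumerate(paths, start)]

def format_sort_file(entries):
    """Render entries with the default `@\\t#' formatter, one per line."""
    return "".join("%s\t%d\n" % e for e in entries)

if __name__ == "__main__":
    # Filter on a fixed rule so the demo does not depend on the local file system.
    print(format_sort_file(sort_entries(SAMPLE_LOG, keep=lambda p: p != "/dev/null")), end="")
```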
You may partially log the same information purely from user space using strace:
strace -f -e trace=open [insert costly command line here]
strace will then log every open() call made by the process launched from that command line and, because of the -f option, by all its children.
Openlog is pretty much complete: the code is now in maintenance mode (following kernel code upgrades, fixing portability bugs, etc.).