Kernel Generalized Event Management (KGEM)

Introduction:

Kernel Generalized Event Management (KGEM) is a facility for collecting kernel events and managing user mode applications that are interested in these events. A kernel event can be anything that happens in the kernel that an application may be interested in, such as a file being opened, a program being executed, a process being created, etc. KGEM provides a structure for defining these events and delivering them to listening applications in user space.
KGEM is part of CA's Open Source Iniitiative.

Overview:

The heart of KGEM is a kernel loadable module that creates a directory in the /proc filesystem (/proc/kgem) that contains two files, 'subscribe', and 'status' These files are used by applications in user space that wish to subscribe to kernel events or see status information. All interaction with user space is accomplished using these two procfs entries. On the kernel side, a set of API calls is exported to allow events to be defined and generated. KGEM itself does not have any events defined. It only provides the infrastructure for defining them.

A second kernel loadable module, known as the data module, contains a set of functions that are used to provide data items that will be associated with an instance of a kernel event. These functions may only be accessed via an array of function pointers that resides in this module, to allow easy refreshability of this module while the system is running. An event definition will include a list of indices into this array, and these functions will be called to build the event record that is given to the listening application.

In addition to these two modules, one or more hook modules may be written to define the events, set the intercepts, and generate the events. These modules may be written to be specific to a particular user space application or generalized for more wide use.

Please direct any comments or questions to Bob Bennett.

Downloading KGEM for your Linux Kernel:

KGEM project page has downloads.

Downloading Development version of KGEM from CVS tree:

KGEM project page includes instructions for accessing KGEM cvs tree. Here is a quick download guide for users of KGEM.

cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/kgem login cvs -z3 -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/kgem co .

These two CVS commands will fetch latest KGEM development version in current directory. For further updates, go to the same directory and run cvs update

Mailing list:

If you want to contribute to KGEM, you can send patches to KGEM development mailing list

To subscribe to the mailing list, go here.

If you plan to contribute to KGEM regularly, send an email to Bob Bennett to become a KGEM developer.