A great deal of information is available
about the current state of a running operating system.
Some of this information resides in files,
some resides in assorted system data structures,
and some can only be acquired
by running exploratory commands:
- The file system contains information on ownership, permission, size, and other details regarding files and directories. This information can be obtained by running
stat(2) gives a more comprehensive snapshot.
/etc directory contains a number of control files, containing information on a wide variety of topics (e.g., user accounts, networks, printing).
- Commands such as
md5(1) can determine static characteristics of specific files. Other commands, such as
netstat(1), can gather snapshots of information about individual processes and the system as a whole.
- Some forms of metadata can be derived from automated or manual examination of files. For instance, what
include files does this program use? Alternatively, what files does this program access, and why?
- Package management systems such as the FreeBSD Ports Collection contain many forms of metadata (e.g., FTP download sites, installation directories). Sometimes this is explicitly detailed in description files; other times, it is buried in
patch directories, etc.
Although many files have similar formats,
there are many subtle (and often undocumented) variations.
Similarly, the report formats of administrative commands are diverse,
option-dependent, and may not be well optimized for parsing.
Consequently, filtering these files and reports into an unambiguous
and consistent format is a substantial task.
There is also a temporal aspect to consider.
By collecting information over time, we can spot trends
that would be invisible in any single snapshot.
By correlating events (e.g., process and file activity),
we can determine which activities are interrelated.
The Meta Project is intended to assemble and integrate all
of these sorts of information into a convenient, cohesive whole.
-- Main.RichMorin - 16 Jun 2003