Let's say you're a regional sysadmin at a midsized company, you have an assistant junior sysadmin, and there's a clued CTO who comes to both of you with a proposal: 「I'd like you to create a facility that uses syslog to log every time a new process is fork-exec'd, recording the pid, the program launched, and its arguments」. You decide this is reasonable given the needs for the systems involved, and your assistant suggests modifying the system shells to keep track of when they're used to expand globs and launch programs.
- What fundamental misconception(s), if any, your assistant's solution has
- How you would solve the problem on arbitrary unices
- Limits to your solution
- What other things would be reasonable to log
- Any way to convince existing Unix distributions to do this without anything intrusive
- On a reasonably busy server that does some particular task, how big the logs would be after a week
FWIW: I've never been asked anything like this (the idea came to me in the shower this morning), but I think it'd be a fun thing to ask a systems person in an interview.