[unisog] Simple system process accounting

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Wed Apr 6 18:06:41 GMT 2005


On Wed, 06 Apr 2005 11:26:22 CDT, John Kristoff said:
> Does anyone have recommendations or techniques they use for simple
> process accounting on a unix system?  I'm aware that there are very
> sophisticated tools available that will keep very detailed statistics
> and monitor changes, but I am interested in using some simpler scripts
> or code for a particular class of systems.  I'm thinking of a tool
> that would just runs periodically and send me an email summary.  For
> example, if it were as simple as this:
> 
>   ps -ef | egrep -v $$ | diff -u baseline.txt - | mail jtk at northwestern.edu
> 
> that would be great (unfortunately that doesn't tend to work very
> well.  :-).
> 
> I may not be exactly sure what I want other than something that is
> relatively simple to use and can provide some basic summary of
> processes (and major changes to them) over long periods of time.
> This is for network application servers (e.g. dns, dhcp, syslog,
> flows), which don't tend to many users or many transient user
> processes running on them very often.  This would mainly be used to
> keep tabs on standard running processes and identify ones that have
> been added (particularly system processes) or abandonded (typically
> user processes).
> 
> If people would send replies privately I can summarize to the list.

The BSD 'runacct' stuff will likely be sufficient, and some variant of it
comes with most Unixoids (Irix, AIX, and Solaris for sure, and I'm pretty
sure HP/UX has it as well).

For Linux boxes, you'll need a kernel built with CONFIG_BSD_PROCESS_ACCT=y,
and the 'psacct' package for very basic accounting.  For the full 'runacct'
scheme, some porting will be needed (although once you get the kernel and
psacct done, it should be pretty easy from there...)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20050406/fd259d2f/attachment.bin


More information about the unisog mailing list