Process logging tool for solaris

monitoringprocess-managementsolaris

Is there an existing tool for solaris/unix that keeps a history trail of the list of running processes. I'd like to be able to review backwards in time what processes were active/running.

I can create a cron job that just regularly logs the output of ps into files, but this is crude and over a large server farm seems inefficient and can create many files.

And I need full command arguments so it has to be /usr/ucb/ps auxww output, ideally with cpu times, state, rss, pid, ppid, zone information.

Also, if possible the output should be easy to parse–e.g. in a consistent delimited format or some other.

Best Answer

Use auditing.

Solaris Auditing (Overview)

Auditing generates audit records when specified events occur. Most commonly, events that generate audit records include the following:

System startup and system shutdown

Login and logout

Process creation or process destruction, or thread creation or thread destruction

Opening, closing, creating, destroying, or renaming of objects

Use of privilege capabilities or role-based access control (RBAC)

Identification actions and authentication actions

Permission changes by a process or user

Administrative actions, such as installing a package

Site-specific applications

Audit records are generated from three sources:

By an application

As a result of an asynchronous audit event

As a result of a process system call

A good blog article on Solaris auditing can be found here.

Related Solutions

Memory – Tool for Logging Memory Usage

I have written a script to do exactly this. It basically samples ps at specific intervals, to build up a profile of a particular process. The process can be launched by the monitoring tool itself, or it can be an independent process (specified by pid or command pattern).

Monitoring – Tool to Monitor Bandwidth Usage of a Single Process

something to get you started (just in case you want to write it yourself):

#!/bin/bash
#
# usage: bwmon PID

IN=0; OUT=0; TIME=0

get_traffic() {
    t=`awk '/eth0:/ { printf("%s,%d,%d\n",strftime("%s"),$2,$10); }' < /proc/$1/net/dev`
    IN=${t#*,}; IN=${IN%,*}
    OUT=${t##*,};
    TIME=${t%%,*};
}

get_traffic $1
while true
do
    _IN=$IN; _OUT=$OUT; _TIME=$TIME
    get_traffic $1
    echo "$TIME,$(( $TIME - $_TIME )),$IN,$(( $IN - $_IN )),$OUT,$(( $OUT - $_OUT))"
    sleep 1
done

comments:

checks only eth0
checks every 1 second
works only under linux, but other unixes work similar (procfs or whatever)
output could be stored into a sqlite.db with stat --printf="%N\n" /proc/PID/exe | cut -d ' ' -f 3

Best Answer

Related Solutions

Memory – Tool for Logging Memory Usage

Monitoring – Tool to Monitor Bandwidth Usage of a Single Process

Related Question