CODEWITHSUNDEEP
linuxmoduleprocesskernelmonitor
Rick-Rainer Ludwig
Rick-Rainer Ludwig

Reputation: 2401

How to monitor process creation and statistics using kernel module

I wrote a kernel module to monitor cpu and memory time series. Additionally to that, I would like to log all process creations (and their meta date like pid, cmdline, ...) and also exists with their statistics like total I/O and CPU usage.

The main questions is: Can I create a kind of listener to process creation and exit? Especially on exit, I would also need the meta information for the process. How can this be done?

Upvotes: 7

Views: 2099

Answers (2)

Raydel Miranda
Raydel Miranda

Reputation: 14360

I know you are talking about monitoring processes using a Linux kernel module.

But I think it worth mention the python module psutil. Even if it is a user-space solution.

It is a very complete tool that allows monitoring processes about the resources they are using, memory, disk, CPU.

Some examples from the documentation:

Getting CPU usage for some process 

>>> import psutil
>>> p = psutil.Process()
>>> # blocking
>>> p.cpu_percent(interval=1)
2.0
>>> # non-blocking (percentage since last call)
>>> p.cpu_percent(interval=None)
2.9

Getting memory info

>>> import psutil
>>> p = psutil.Process()
>>> p.memory_info()
pmem(rss=15491072, vms=84025344, shared=5206016, text=2555904, lib=0, data=9891840, dirty=0)

And the very interesting open_files

>>> import psutil
>>> f = open('file.ext', 'w')
>>> p = psutil.Process()
>>> p.open_files()
[popenfile(path='/home/giampaolo/svn/psutil/file.ext', fd=3, position=0, mode='w', flags=32769)]

The process creation time

>>> import psutil, datetime
>>> p = psutil.Process()
>>> p.create_time()
1307289803.47
>>> datetime.datetime.fromtimestamp(p.create_time()).strftime("%Y-%m-%d %H:%M:%S")
'2011-03-05 18:03:52'

Of course, you can query info for any process running in your target system just provide the pid to psutil.Process like this: psutil.Process(pid)

Upvotes: 0

user149341
user149341

Reputation:

What you're describing sounds eerily like the Linux process accounting system, which already exists in the kernel. If it isn't an exact fit, your best bet will be to consider extending it, rather than building something entirely new.

Another existing system to look at will be the process events connector, which can be used to notify userspace processes when other processes are created and exit.

Upvotes: 1

Related Questions