Date: Sat, 30 Jan 2010 01:01:08 +0100
From: Jilles Tjoelker <jilles@stack.nl>
To: cronfy <cronfy@gmail.com>
Cc: freebsd-hackers@freebsd.org
Subject: Re: Unique process id (not pid) and accounting daemon
Message-ID: <20100130000108.GB95021@stack.nl>
In-Reply-To: <d4ac64921001241533j375705f2we97945d010a1a7ff@mail.gmail.com>
References: <d4ac64921001241533j375705f2we97945d010a1a7ff@mail.gmail.com>

On Mon, Jan 25, 2010 at 02:33:35AM +0300, cronfy wrote:
> I am trying to create an accounting daemon that would be more precise
> than usual BSD system accounting. It should read the whole process
> tree from time to time (say, every 10 seconds) and log changes in
> usage of CPU, I/O operations and memory per process. After daemon
> notices process exit, it should read /var/account/acct to get a last
> portion of accounting data and make a last entry for the process. Also
> daemon should read /var/account/acct to find information about
> processes that had been running between taking process tree snapshots.
>
> There is a problem: it is not always possible to link a process in a
> process tree against matching process in an accounting file. Only
> command name, user/group id and start time will match, but:
>
> * start time may change (i.e. after ntpdate);
> * command name saved in /var/account/acct is 15 characters max
>   (AC_COMM_LEN in sys/sys/acct.h), while command name in the process
>   tree is 19 characters max (MAXCOMLEN in sys/sys/param.h).
>
> To ensure that process in the process tree and process in the
> accounting file are the same, I want to add unique process identifier
> (uint64_t) to 'proc' struct in sys/sys/proc.h and increment it for
> every process fork. I see it is possible to do this just before
> sx_sunlock() in fork1() in sys/kern/kern_fork.c. I'll have to add
> saving of this identifier in kern_acct.c, of course.
>
> This way it will be extremely easy to remember a process in the process
> tree and find a matching one in the accounting file after it finishes.
>
> Am I looking in a right direction or should I try some other way?
>
> Thanks in advance.

Have you looked at audit(4)?

-- 
Jilles Tjoelker
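
The matching problem described in the quoted message, as an added example that is not part of either e-mail: it links process-tree entries to accounting records using only the fields the post says can be compared, and reports when the link is ambiguous or lost. The record shapes, the `clock_slack` parameter and all sample values are constructed assumptions; the 15 and 19 character limits are the ones quoted in the post.

```python
from collections import namedtuple

AC_COMM_LEN = 15  # command-name limit in the accounting file, as quoted in the post
MAXCOMLEN = 19    # command-name limit in the process tree, as quoted in the post

# Hypothetical record shapes, reduced to the fields the post says are comparable.
Proc = namedtuple("Proc", "pid comm uid gid start")  # process-tree snapshot entry
Acct = namedtuple("Acct", "comm uid gid start")      # accounting record (carries no pid)

def candidates(proc, acct_records, clock_slack=0):
    """Return the accounting records that could belong to proc.

    clock_slack is the tolerated start-time difference in seconds,
    for example after a clock step.
    """
    key = proc.comm[:AC_COMM_LEN]  # the accounting file only keeps this prefix
    return [a for a in acct_records
            if a.comm == key and a.uid == proc.uid and a.gid == proc.gid
            and abs(a.start - proc.start) <= clock_slack]

def link(procs, acct_records, clock_slack=0):
    """Map pid -> (state, records), state is 'unique', 'ambiguous' or 'missing'."""
    result = {}
    for p in procs:
        hits = candidates(p, acct_records, clock_slack)
        state = "unique" if len(hits) == 1 else "ambiguous" if hits else "missing"
        result[p.pid] = (state, hits)
    return result

# Constructed sample data: two jobs whose names differ only after character 15,
# and one process whose recorded start time differs by 3 seconds.
SAMPLE_PROCS = [
    Proc(101, "backup-database-01", 1001, 1001, 1000),
    Proc(102, "backup-database-02", 1001, 1001, 1000),
    Proc(103, "sshd", 0, 0, 2000),
]
SAMPLE_ACCT = [
    Acct("backup-database", 1001, 1001, 1000),
    Acct("backup-database", 1001, 1001, 1000),
    Acct("sshd", 0, 0, 2003),
]

if __name__ == "__main__":
    for slack in (0, 5):
        for pid, (state, hits) in link(SAMPLE_PROCS, SAMPLE_ACCT, slack).items():
            print(f"slack={slack}s pid={pid}: {state} ({len(hits)} candidate records)")
```

Widening `clock_slack` recovers the record with the shifted start time, but no tolerance separates the two truncated names, which is the gap a per-process identifier stored in both places would close.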