From owner-freebsd-hackers@FreeBSD.ORG Sat Jan 30 00:01:09 2010 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EE4991065679 for ; Sat, 30 Jan 2010 00:01:09 +0000 (UTC) (envelope-from jilles@stack.nl) Received: from mx1.stack.nl (relay04.stack.nl [IPv6:2001:610:1108:5010::107]) by mx1.freebsd.org (Postfix) with ESMTP id B401A8FC13 for ; Sat, 30 Jan 2010 00:01:09 +0000 (UTC) Received: from toad.stack.nl (toad.stack.nl [IPv6:2001:610:1108:5010::135]) by mx1.stack.nl (Postfix) with ESMTP id 92A6B1DD684; Sat, 30 Jan 2010 01:01:08 +0100 (CET) Received: by toad.stack.nl (Postfix, from userid 1677) id 86D6873F9D; Sat, 30 Jan 2010 01:01:08 +0100 (CET) Date: Sat, 30 Jan 2010 01:01:08 +0100 From: Jilles Tjoelker To: cronfy Message-ID: <20100130000108.GB95021@stack.nl> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.18 (2008-05-17) Cc: freebsd-hackers@freebsd.org Subject: Re: Unique process id (not pid) and accounting daemon X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Jan 2010 00:01:10 -0000 On Mon, Jan 25, 2010 at 02:33:35AM +0300, cronfy wrote: > I am trying to create an accounting daemon that would be more precise > than usual BSD system accounting. It should read the whole process > tree from time to time (say, every 10 seconds) and log changes in > usage of CPU, I/O operations and memory per process. After daemon > notices process exit, it should read /var/account/acct to get a last > portion of accounting data and make a last entry for the process. Also > daemon should read /var/account/acct to find information about > processes that had been running between taking process tree snapshots. > There is a problem: it is not always possible to link a process in a > process tree against matching process in an accounting file. Only > command name, user/group id and start time will match, but: > * start time may change (i. e. after ntpdate); > * command name saved in /var/account/acct is 15 characters max > (AC_COMM_LEN in sys/sys/acct.h), while command name in the process > tree is 19 characters max (MAXCOMLEN in sys/sys/param.h). > To ensure that process in the process tree and process in the > accounting file are the same, I want to add unique process identifier > (uint64_t) to 'proc' struct in sys/sys/proc.h and increment it for > every process fork. I see it is possible to do this just before > sx_sunlock() in fork1() in sys/kern/kern_fork.c. I'll have to add > saving of this identifier in kern_acct.c, of course. > This way I will be extremely easy to remember a process in the process > tree and find a matching one in the accounting file after it finishes. > Am I looking in a right direction or should I try some other way? > Thanks in advance. Have you looked at audit(4)? -- Jilles Tjoelker