|
[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
[NMLUG] Process logger?
Kelly:
You need to be a bit more specific - are you talking about logging every
process or only those run by users?
Which distro?
For more info go look at LAUS or Linux audit -
My guess is that what you want done is possible but please be aware that
depending on system load and user activity you may need a substantial
raid just to collect and store the logs.
Also, doing this eats cycles - so you will need a very beefy box to do it -
Later -
Michael
Kelly Jones wrote:
> If a process runs for a long time, I can use "ps -aux -www" to see
> info about it, and even look at /proc/pid/*
>
> But sometimes a process starts, runs, and ends before I can see it
> with "ps -aux -www" or can look at /proc/pid/*
>
> Is there a way to log processes? A daemon or kernel module that
> creates syslog entries like this:
>
> Nov 23 16:57:38 machine processd[6052]: Process 1234 started, command=foo,
> arg1=bar, arg2=blah
>
> Nov 23 16:57:38 machine processd[6052]: Process 1234 opened file
> "/tmp/foobar.txt", file descriptor 3
>
> Nov 23 16:57:39 machine processd[6052]: Process 1234 ended
>
> Obviously this would be something that could turned on/off (would
> really clutter the logs otherwise).
>
> I know about strace, but that only works well for processes I start
> from the command-line.
>
>------------------------------------------------------------------------
>
>_______________________________________________
>NMLUG mailing list
>NMLUG at nmlug.org
>http://www.nmlug.org/mailman/listinfo/nmlug
>
|
|
