744 lines
24 KiB
Groff
744 lines
24 KiB
Groff
.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32
|
|
.\"
|
|
.\" Standard preamble:
|
|
.\" ========================================================================
|
|
.de Sh \" Subsection heading
|
|
.br
|
|
.if t .Sp
|
|
.ne 5
|
|
.PP
|
|
\fB\\$1\fR
|
|
.PP
|
|
..
|
|
.de Sp \" Vertical space (when we can't use .PP)
|
|
.if t .sp .5v
|
|
.if n .sp
|
|
..
|
|
.de Vb \" Begin verbatim text
|
|
.ft CW
|
|
.nf
|
|
.ne \\$1
|
|
..
|
|
.de Ve \" End verbatim text
|
|
.ft R
|
|
.fi
|
|
..
|
|
.\" Set up some character translations and predefined strings. \*(-- will
|
|
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
|
|
.\" double quote, and \*(R" will give a right double quote. | will give a
|
|
.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to
|
|
.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C'
|
|
.\" expand to `' in nroff, nothing in troff, for use with C<>.
|
|
.tr \(*W-|\(bv\*(Tr
|
|
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
|
|
.ie n \{\
|
|
. ds -- \(*W-
|
|
. ds PI pi
|
|
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
|
|
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
|
|
. ds L" ""
|
|
. ds R" ""
|
|
. ds C` ""
|
|
. ds C' ""
|
|
'br\}
|
|
.el\{\
|
|
. ds -- \|\(em\|
|
|
. ds PI \(*p
|
|
. ds L" ``
|
|
. ds R" ''
|
|
'br\}
|
|
.\"
|
|
.\" If the F register is turned on, we'll generate index entries on stderr for
|
|
.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
|
|
.\" entries marked with X<> in POD. Of course, you'll have to process the
|
|
.\" output yourself in some meaningful fashion.
|
|
.if \nF \{\
|
|
. de IX
|
|
. tm Index:\\$1\t\\n%\t"\\$2"
|
|
..
|
|
. nr % 0
|
|
. rr F
|
|
.\}
|
|
.\"
|
|
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
|
|
.\" way too many mistakes in technical documents.
|
|
.hy 0
|
|
.if n .na
|
|
.\"
|
|
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
|
|
.\" Fear. Run. Save yourself. No user-serviceable parts.
|
|
. \" fudge factors for nroff and troff
|
|
.if n \{\
|
|
. ds #H 0
|
|
. ds #V .8m
|
|
. ds #F .3m
|
|
. ds #[ \f1
|
|
. ds #] \fP
|
|
.\}
|
|
.if t \{\
|
|
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
|
|
. ds #V .6m
|
|
. ds #F 0
|
|
. ds #[ \&
|
|
. ds #] \&
|
|
.\}
|
|
. \" simple accents for nroff and troff
|
|
.if n \{\
|
|
. ds ' \&
|
|
. ds ` \&
|
|
. ds ^ \&
|
|
. ds , \&
|
|
. ds ~ ~
|
|
. ds /
|
|
.\}
|
|
.if t \{\
|
|
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
|
|
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
|
|
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
|
|
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
|
|
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
|
|
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
|
|
.\}
|
|
. \" troff and (daisy-wheel) nroff accents
|
|
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
|
|
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
|
|
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
|
|
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
|
|
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
|
|
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
|
|
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
|
|
.ds ae a\h'-(\w'a'u*4/10)'e
|
|
.ds Ae A\h'-(\w'A'u*4/10)'E
|
|
. \" corrections for vroff
|
|
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
|
|
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
|
|
. \" for low resolution devices (crt and lpr)
|
|
.if \n(.H>23 .if \n(.V>19 \
|
|
\{\
|
|
. ds : e
|
|
. ds 8 ss
|
|
. ds o a
|
|
. ds d- d\h'-1'\(ga
|
|
. ds D- D\h'-1'\(hy
|
|
. ds th \o'bp'
|
|
. ds Th \o'LP'
|
|
. ds ae ae
|
|
. ds Ae AE
|
|
.\}
|
|
.rm #[ #] #H #V #F C
|
|
.\" ========================================================================
|
|
.\"
|
|
.IX Title "ps-watcher 8"
|
|
.TH ps-watcher 8 "2006-03-10" "perl v5.8.8" "User Contributed Perl Documentation"
|
|
.SH "NAME"
|
|
ps\-watcher \- monitors various processes based on ps\-like information.
|
|
.SH "SYNOPSIS"
|
|
.IX Header "SYNOPSIS"
|
|
\&\fBps-watcher\fR [\fIoptions\fR...]
|
|
[\f(CW\*(C`\-\-config\*(C'\fR] \fIconfig-file\fR
|
|
.SH "DESCRIPTION"
|
|
.IX Header "DESCRIPTION"
|
|
Periodically a list of processes obtained via \f(CW\*(C`ps\*(C'\fR. More precisely
|
|
each item in the list contains the process name (just what's listed in
|
|
the \*(L"cmd\*(R" field, not the full command and arguments) and its process
|
|
id (pid). A configuration file specifies a list of Perl
|
|
regular-expression patterns to match the processes against. For each
|
|
match, a Perl expression specified for that pattern is evaluated. The
|
|
evaluated expression can refer to variables which are set by ps and
|
|
pertain to the matched process(es), for example the amount memory
|
|
consumed by the process, or the total elapsed time. Some other
|
|
variables are set by the program, such as the number of times the
|
|
process is running. If the Perl expression for a matched pattern
|
|
evaluates true, then an action can be run such as killing the program,
|
|
restarting it, or mailing an alert, or running some arbitrary Perl
|
|
code.
|
|
.PP
|
|
Some things you might want to watch a daemon or process for:
|
|
.IP "\(bu" 2
|
|
check that it is running (hasn't died)
|
|
.IP "\(bu" 2
|
|
ensure it is not running too many times
|
|
.IP "\(bu" 2
|
|
isn't consuming too much memory (perhaps a memory leak), or I/O
|
|
.PP
|
|
Some actions you might want to take:
|
|
.IP "\(bu" 2
|
|
restart a process
|
|
.IP "\(bu" 2
|
|
kill off rampant processes
|
|
.IP "\(bu" 2
|
|
send an alert about any of the conditions listed above
|
|
.PP
|
|
Depending on options specfied, this program can be run as a daemon,
|
|
run once (which is suitable as a \f(CW\*(C`cron\*(C'\fR job), or run not as a daemon
|
|
but still continuously (which may be handy in testing the program or
|
|
your configuration).
|
|
.Sh "\s-1OPTIONS\s0"
|
|
.IX Subsection "OPTIONS"
|
|
.IP "\-\-help" 4
|
|
.IX Item "--help"
|
|
Print a usage message on standard error and exit with a return code
|
|
of 100.
|
|
.Sp
|
|
\&\&
|
|
.IP "\-\-doc" 4
|
|
.IX Item "--doc"
|
|
Extact the full documentation that you are reading now, print it and
|
|
exit with a return code of 101.
|
|
.Sp
|
|
\&\&
|
|
.IP "\-\-version" 4
|
|
.IX Item "--version"
|
|
Print the version release on standard output and exit with a return
|
|
code of 10.
|
|
.Sp
|
|
\&\&
|
|
.IP "\-\-debug \fInumber\fR" 4
|
|
.IX Item "--debug number"
|
|
Give debugging output. The higher the number, the more the output. The
|
|
default is 0 = none. 2 is the most debugging output.
|
|
.IP "[\-\-config] \fIconfiguration file\fR" 4
|
|
.IX Item "[--config] configuration file"
|
|
Specify configuration file. .
|
|
.Sp
|
|
See \*(L"\s-1CONFIGURATION\s0 \s-1FILE\s0 \s-1FORMAT\s0\*(R" below for information on the format
|
|
of the configuration file and \*(L"\s-1EXAMPLE\s0 \s-1CONFIGURATION\s0\*(R" for a complete
|
|
example of a configuration file.
|
|
.Sp
|
|
\&\&
|
|
.IP "\-\-log [\fIlog file\fR]" 4
|
|
.IX Item "--log [log file]"
|
|
Send or don't send error and debugging output to a log file. If option
|
|
is given but no logfile is specified, then use \s-1STDERR\s0. The default is
|
|
no error log file. See also \-\-syslog below.
|
|
.Sp
|
|
\&\&
|
|
.IP "\-\-syslog | \-\-nosyslog" 4
|
|
.IX Item "--syslog | --nosyslog"
|
|
Send or don't send error and debugging output to syslog. The default
|
|
is to syslog error and debug output.
|
|
.Sp
|
|
\&\&
|
|
.IP "\-\-daemon | \-\-nodaemon" 4
|
|
.IX Item "--daemon | --nodaemon"
|
|
Run or don't as a daemon.
|
|
.Sp
|
|
\&\&
|
|
.IP "\-\-path \fIsearch-path\fR" 4
|
|
.IX Item "--path search-path"
|
|
Specify the executable search path used in running commands.
|
|
.IP "\-\-ps\-prog \fIprogram\fR" 4
|
|
.IX Item "--ps-prog program"
|
|
One can specify the command that gives ps information. By default, the
|
|
command is \fI/bin/ps\fR.
|
|
.Sp
|
|
\&\&
|
|
.IP "\-\-run | \-\-norun" 4
|
|
.IX Item "--run | --norun"
|
|
do/don't run actions go through the motions as though we were going
|
|
to. This may be useful in debugging.
|
|
.Sp
|
|
\&\&
|
|
.IP "\-\-sleep \fIinterval in seconds\fR" 4
|
|
.IX Item "--sleep interval in seconds"
|
|
It is expected that one might want to run ps-watcher over and over
|
|
again. In such instances one can specify the amount of time between
|
|
iterations with this option.
|
|
.Sp
|
|
If a negative number is specified the program is run only once.
|
|
.Sp
|
|
\&\&
|
|
.Sh "\s-1CONFIGURATION\s0 \s-1FILE\s0 \s-1MODIFICATION\s0 \s-1AND\s0 \s-1SIGNAL\s0 \s-1HANDLING\s0"
|
|
.IX Subsection "CONFIGURATION FILE MODIFICATION AND SIGNAL HANDLING"
|
|
Periodically ps-watcher checks to see if the configuration file
|
|
that it was run against has changed. If so, the program rereads the
|
|
configuration file.
|
|
.PP
|
|
More precisely, the checks are done after waking up from a slumber.
|
|
If the sleep interval is long (or if you are impatient), you can
|
|
probably force the program to wake up using a \s-1HUP\s0 signal.
|
|
.PP
|
|
At any time you can increase the level of debug output by sending a
|
|
\&\s-1USR1\s0 signal to the ps-watcher process. Similarly you can decrease the
|
|
level of debug output by sending the process a \s-1USR2\s0 signal.
|
|
.PP
|
|
It is recommended that you terminate ps-watcher via an \s-1INT\s0, \s-1TERM\s0, or \s-1QUIT\s0
|
|
signal.
|
|
.SH "CONFIGURATION FILE FORMAT"
|
|
.IX Header "CONFIGURATION FILE FORMAT"
|
|
The format of a configuration file is a series of fully qualified
|
|
filenames enclosed in square brackets followed by a number of
|
|
parameter lines. Each parameter line has a parameter names followed by
|
|
an \*(L"equal\*(R" sign and finally value. That is:
|
|
.PP
|
|
.Vb 5
|
|
\& # This is a comment line
|
|
\& ; So is this.
|
|
\& [process-pattern1]
|
|
\& parameter1 = value1
|
|
\& parameter2 = value2
|
|
.Ve
|
|
.PP
|
|
.Vb 3
|
|
\& [process-pattern2]
|
|
\& parameter1 = value3
|
|
\& parameter2 = value4
|
|
.Ve
|
|
.PP
|
|
Comments start with # or ; and take effect to the end of the line.
|
|
.PP
|
|
This should be familiar to those who have worked with text-readible
|
|
Microsoft \f(CW\*(C`.INI\*(C'\fR files.
|
|
.PP
|
|
Note process patterns, (\fIprocess\-pattern1\fR and \fIprocess\-pattern2\fR
|
|
above) must be unique. If there are times when you may want to
|
|
refer to the same process, one can be creative to make these unique.
|
|
e.g. \fIcron\fR and \fI[c]ron\fR which refer to the same process even
|
|
though they \fIappear\fR to be different.
|
|
.PP
|
|
As quoted directly from the Config::IniFiles documentation:
|
|
.PP
|
|
Multiline or multivalued fields may also be defined ala \s-1UNIX\s0
|
|
\&\*(L"here document\*(R" syntax:
|
|
.PP
|
|
.Vb 4
|
|
\& Parameter=<<EOT
|
|
\& value/line 1
|
|
\& value/line 2
|
|
\& EOT
|
|
.Ve
|
|
.PP
|
|
You may use any string you want in place of \*(L"\s-1EOT\s0\*(R". Note
|
|
that what follows the \*(L"<<\*(R" and what appears at the end of
|
|
the text \fImust\fR match exactly, including any trailing
|
|
whitespace.
|
|
.PP
|
|
There are two special \*(L"process patterns\*(R": \f(CW$PROLOG\fR and \f(CW$EPILOG\fR, the
|
|
former should appear first and the latter last.
|
|
.PP
|
|
You can put perl code to initialize variables here and do cleanup
|
|
actions in these sections using \*(L"perl\-action.\*(R"
|
|
.PP
|
|
A description of parameters names, their meanings and potential values
|
|
follows.
|
|
.IP "trigger" 4
|
|
.IX Item "trigger"
|
|
This parameter specifies the condition on which a process action is
|
|
fired. The condition is evaluated with Perl \fIeval()\fR and should
|
|
therefore return something which is equivalent to \*(L"true\*(R" in a Perl
|
|
expression.
|
|
.Sp
|
|
If no trigger is given in a section, true or 1 is assumed and
|
|
the action is unconditionally triggered.
|
|
.Sp
|
|
Example:
|
|
.Sp
|
|
.Vb 8
|
|
\& # Match if httpd has not spawned enough (<4) times. NFS and databases
|
|
\& # daemons typically spawn child processes. Since the program
|
|
\& # matches against the command names, not commands and arguments,
|
|
\& # something like: ps -ef | grep httpd won't match the below.
|
|
\& # If you want to match against the command with arguments, see
|
|
\& # the example with $args below.
|
|
\& [httpd$]
|
|
\& trigger = $count <= 4
|
|
.Ve
|
|
.IP "occurs" 4
|
|
.IX Item "occurs"
|
|
This parameter specifies how many times an action should be performed
|
|
on processes matching the section trigger. Acceptable values are
|
|
\&\*(L"every\*(R", \*(L"first\*(R", \*(L"first\-trigger\*(R", and \*(L"none\*(R".
|
|
.Sp
|
|
Setting the occurs value to \*(L"none\*(R" causes the the trigger to be
|
|
evaluated when there are no matching processes. Although one might
|
|
think \*(L"$count == 0\*(R" in the action expression would do the same thing,
|
|
currently as coded this does not work.
|
|
.Sp
|
|
Setting the occurs value to \*(L"first\*(R" causes the process-pattern rule to
|
|
be finished after handling the first rule that matches, whether or not the
|
|
trigger evaluated to true.
|
|
.Sp
|
|
Setting the occurs value to \*(L"first\-trigger\*(R" causes the process-pattern
|
|
rule to be finished after handling the first rule that matches \fIand\fR
|
|
the trigger evaluates to true.
|
|
.Sp
|
|
If the item parameter is not specified, \*(L"first\*(R" is assumed.
|
|
.Sp
|
|
Examples:
|
|
.Sp
|
|
.Vb 3
|
|
\& [.]
|
|
\& occurs = first
|
|
\& action = echo "You have $count processes running"
|
|
.Ve
|
|
.Sp
|
|
.Vb 4
|
|
\& # Note in the above since there is no trigger specified,
|
|
\& # occurs = first
|
|
\& # is the same thing as
|
|
\& # occurs = first-trigger
|
|
.Ve
|
|
.Sp
|
|
.Vb 4
|
|
\& [.?]
|
|
\& trigger = $vsz > 1000
|
|
\& occurs = every
|
|
\& action = echo "Large program $command matches $ps_pat: $vsz KB"
|
|
.Ve
|
|
.Sp
|
|
.Vb 8
|
|
\& # Fire if /usr/sbin/syslogd is not running.
|
|
\& # Since the program matches against the command names, not commands and
|
|
\& # arguments, something like:
|
|
\& # ps -ef | grep /usr/sbin/syslogd
|
|
\& # won't match the below.
|
|
\& [(/usr/sbin/)?syslogd]
|
|
\& occurs = none
|
|
\& action = /etc/init.d/syslogd start
|
|
.Ve
|
|
.IP "action" 4
|
|
.IX Item "action"
|
|
This specifies the action, a command that gets run by the system
|
|
shell, when the trigger condition is evaluated to be true.
|
|
.Sp
|
|
Example:
|
|
.Sp
|
|
.Vb 1
|
|
\& action = /etc/init.d/market_loader.init restart
|
|
.Ve
|
|
.IP "perl-action" 4
|
|
.IX Item "perl-action"
|
|
This specifies Perl statements to be eval'd. This can be especially
|
|
useful in conjunction with \f(CW$PROLOG\fR and \f(CW$EPILOG\fR sections to make tests
|
|
across collections of process and do things which ps-watcher
|
|
would otherwise not be able to do.
|
|
.Sp
|
|
Example:
|
|
.Sp
|
|
.Vb 5
|
|
\& # A Perl variable initialization.
|
|
\& # Since ps-watcher runs as a daemon it's a good idea
|
|
\& # to (re)initialize variables before each run.
|
|
\& [$PROLOG]
|
|
\& perl-action = $root_procs=0;
|
|
.Ve
|
|
.Sp
|
|
.Vb 4
|
|
\& # Keep track of how many root processes we are running
|
|
\& [.*]
|
|
\& perl-action = $root_procs++ if $uid == 0
|
|
\& occurs = every
|
|
.Ve
|
|
.Sp
|
|
.Vb 3
|
|
\& # Show this count.
|
|
\& [$EPILOG]
|
|
\& action = echo "I counted $root_procs root processes"
|
|
.Ve
|
|
.Sh "\s-1EXPANDED\s0 \s-1VARIABLES\s0 \s-1IN\s0 \s-1TRIGGER/ACTION\s0 \s-1CLAUSES\s0"
|
|
.IX Subsection "EXPANDED VARIABLES IN TRIGGER/ACTION CLAUSES"
|
|
Any variables defined in the program can be used in pattern or
|
|
action parameters. For example, \f(CW$program\fR can be used to refer to
|
|
the name of this program ps\-watcher.
|
|
.PP
|
|
The following variables can be used in either the pattern or action
|
|
fields.
|
|
.IP "$action" 4
|
|
.IX Item "$action"
|
|
A string containing the text of the action to run.
|
|
.Sp
|
|
\&\&
|
|
.IP "$perl_action" 4
|
|
.IX Item "$perl_action"
|
|
A string containing the text of the perl_action to run.
|
|
.Sp
|
|
\&\&
|
|
.IP "$ps_pat" 4
|
|
.IX Item "$ps_pat"
|
|
The Perl regular expression specified in the beginning of the section.
|
|
.Sp
|
|
\&\&
|
|
.IP "$command" 4
|
|
.IX Item "$command"
|
|
The command that matched \f(CW$ps_pat\fR.
|
|
.Sp
|
|
The Perl regular expression specified in the beginning of the section.
|
|
Normally processes will not have funny characters in them. Just in
|
|
case, backticks in \f(CW$command\fR are escaped.
|
|
.Sp
|
|
Example:
|
|
.Sp
|
|
.Vb 2
|
|
\& # List processes other than emacs (which is a known pig) that use lots
|
|
\& # of virtual memory
|
|
.Ve
|
|
.Sp
|
|
.Vb 3
|
|
\& [.*]
|
|
\& trigger = $command !~ /emacs$/ && $vsz > 10
|
|
\& action = echo \e"Looks like you have a big \e$command program: \e$vsz KB\e"
|
|
.Ve
|
|
.Sp
|
|
\&\&
|
|
.IP "$count" 4
|
|
.IX Item "$count"
|
|
The number of times the pattern matched. Presumably the number of
|
|
processes of this class running.
|
|
.Sp
|
|
\&\&
|
|
.IP "$trigger" 4
|
|
.IX Item "$trigger"
|
|
A string containing the text of the trigger.
|
|
.PP
|
|
A list of variables specific to this program or fields commonly found in
|
|
\&\f(CW\*(C`ps\*(C'\fR output is listed below followed by a description of the more
|
|
common ones. See also \f(CW\*(C`ps\*(C'\fR for a more complete
|
|
description of the meaning of the field.
|
|
.PP
|
|
.Vb 11
|
|
\& uid euid ruid gid egid rgid alarm blocked bsdtime c caught
|
|
\&cputime drs dsiz egroup eip esp etime euser f fgid
|
|
\&fgroup flag flags fname fsgid fsgroup fsuid fsuser fuid fuser
|
|
\&group ignored intpri lim longtname m_drs m_trs maj_flt majflt
|
|
\&min_flt minflt ni nice nwchan opri pagein pcpu pending pgid pgrp
|
|
\&pmem ppid pri rgroup rss rssize rsz ruser s sess session
|
|
\&sgi_p sgi_rss sgid sgroup sid sig sig_block sig_catch sig_ignore
|
|
\&sig_pend sigcatch sigignore sigmask stackp start start_stack start_time
|
|
\&stat state stime suid suser svgid svgroup svuid svuser sz time timeout
|
|
\&tmout tname tpgid trs trss tsiz tt tty tty4 tty8 uid_hack uname
|
|
\&user vsize vsz wchan
|
|
.Ve
|
|
.PP
|
|
Beware though, in some situations ps can return multiple lines for a
|
|
single process and we will use just one of these in the trigger. In
|
|
particular, Solaris's \f(CW\*(C`ps\*(C'\fR will return a line for each \s-1LWP\s0 (light\-weight
|
|
process). So on Solaris, if a trigger uses variable lwp, it may or may
|
|
not match depending on which single line of the multiple \f(CW\*(C`ps\*(C'\fR lines is
|
|
used.
|
|
.PP
|
|
\&\&
|
|
.IP "$args" 4
|
|
.IX Item "$args"
|
|
The command along with its command arguments. It is possible that this
|
|
is might get truncated at certain length (if ps does likewise as is
|
|
the case on Solaris).
|
|
.Sp
|
|
\&\&
|
|
.IP "$ppid" 4
|
|
.IX Item "$ppid"
|
|
The parent process id.
|
|
.Sp
|
|
\&\&
|
|
.IP "$stime" 4
|
|
.IX Item "$stime"
|
|
The start time of the process.
|
|
.Sp
|
|
\&\&
|
|
.IP "$etime" 4
|
|
.IX Item "$etime"
|
|
The end time of the process.
|
|
.Sp
|
|
\&\&
|
|
.IP "$pmem" 4
|
|
.IX Item "$pmem"
|
|
The process memory.
|
|
.Sp
|
|
\&\&
|
|
.IP "$pcpu" 4
|
|
.IX Item "$pcpu"
|
|
The percent \s-1CPU\s0 utilization.
|
|
.Sp
|
|
\&\&
|
|
.IP "$tty" 4
|
|
.IX Item "$tty"
|
|
The controlling tty.
|
|
.Sp
|
|
\&\&
|
|
.IP "$szv" 4
|
|
.IX Item "$szv"
|
|
Virtual memory size of the process
|
|
.Sh "\s-1OTHER\s0 \s-1THINGS\s0 \s-1IN\s0 \s-1TRIGGER\s0 \s-1CLAUSES\s0"
|
|
.IX Subsection "OTHER THINGS IN TRIGGER CLAUSES"
|
|
To make testing against elapsed time easier, a function \f(CW\*(C`elapse2sec()\*(C'\fR
|
|
has been written to parse and convert elapsed time strings in the
|
|
format \f(CW\*(C`dd\-hh:mm:ss\*(C'\fR and a number of seconds.
|
|
.PP
|
|
Some constants for the number of seconds in a minute, hour, or day
|
|
have also been defined. These are referred to as \f(CW\*(C`MINS\*(C'\fR, \f(CW\*(C`HOURS\*(C'\fR,
|
|
and \f(CW\*(C`DAYS\*(C'\fR respectively and they have the expected definitions:
|
|
.PP
|
|
.Vb 3
|
|
\& use constant MINS => 60;
|
|
\& use constant HOURS => 60*60;
|
|
\& use constant DAYS => HOURS * 24;
|
|
.Ve
|
|
.PP
|
|
Here is an example of the use of \f(CW\*(C`elapsed2sec()\*(C'\fR:
|
|
.PP
|
|
.Vb 7
|
|
\& # Which processes have been running for more than 3 hours?
|
|
\& # Also note use of builtin-function elapsed2secs, variable $etime
|
|
\& # and builtin-function HOURS
|
|
\& [.]
|
|
\& trigger = elapsed2secs('$etime') > 1*DAYS
|
|
\& action = echo "$command has been running more than 1 day ($etime)"
|
|
\& occurs = every
|
|
.Ve
|
|
.PP
|
|
Please note the quotes around '$etime'.
|
|
.SH "EXAMPLE CONFIGURATION"
|
|
.IX Header "EXAMPLE CONFIGURATION"
|
|
.Vb 1
|
|
\& # Comments start with # or ; and go to the end of the line.
|
|
.Ve
|
|
.PP
|
|
.Vb 4
|
|
\& # The format for each entry is in Microsoft .INI form:
|
|
\& # [process-pattern]
|
|
\& # trigger = perl-expression
|
|
\& # action = program-and-arguments-to-run
|
|
.Ve
|
|
.PP
|
|
.Vb 3
|
|
\& [httpd$]
|
|
\& trigger = $count < 4
|
|
\& action = echo "$trigger fired -- You have $count httpd sessions."
|
|
.Ve
|
|
.PP
|
|
.Vb 3
|
|
\& [.]
|
|
\& trigger = $vsz > 10
|
|
\& action = echo "Looks like you have a big $command program: $vsz KB"
|
|
.Ve
|
|
.PP
|
|
.Vb 10
|
|
\& # Unfortunately we have use a different pattern below. (Here we use
|
|
\& # ".?" instead of ".".) In effect the the two patterns mean
|
|
\& # test every process.
|
|
\& [.?]
|
|
\& trigger = elapsed2secs('$etime') > 2*MINS && $pcpu > 40
|
|
\& occurs = every
|
|
\& action = <<EOT
|
|
\& echo "$command used $pcpu% CPU for the last $etime seconds" | /bin/mail root
|
|
\& kill -TERM $pid
|
|
\& EOT
|
|
.Ve
|
|
.PP
|
|
.Vb 9
|
|
\& # Scripts don't show as the script name as the command name on some
|
|
\& # operating systems. Rather the name of the interpreter is listed
|
|
\& # (e.g. bash or perl) Here's how you can match against a script.
|
|
\& # BSD/OS is an exception: it does give the script name rather than
|
|
\& # the interpreter name.
|
|
\& [/usr/bin/perl]
|
|
\& trigger = \e$args !~ /ps-watcher/
|
|
\& occurs = every
|
|
\& action = echo "***found perl program ${pid}:\en $args"
|
|
.Ve
|
|
.ie n .SH "Using $PROLOG for getting non-ps information"
|
|
.el .SH "Using \f(CW$PROLOG\fP for getting non-ps information"
|
|
.IX Header "Using $PROLOG for getting non-ps information"
|
|
Here is an example to show how to use ps-watcher to do something not
|
|
really possible from ps: check to see if a \fIport\fR is active. We make
|
|
use of lsof to check port 3333 and the \f(CW$PROLOG\fR make sure it runs.
|
|
.PP
|
|
.Vb 6
|
|
\& [$PROLOG]
|
|
\& occurs = first
|
|
\& trigger = { \e$x=`lsof -i :3333 >/dev/null 2>&1`; \e$? >> 8 }
|
|
\& action = <<EOT
|
|
\& put-your-favorite-command-here arg1 arg2 ...
|
|
\& EOT
|
|
.Ve
|
|
.SH "SECURITY CONSIDERATIONS"
|
|
.IX Header "SECURITY CONSIDERATIONS"
|
|
Any daemon such as this one which is sufficiently flexible is a
|
|
security risk. The configuration file allows arbitrary commands to be
|
|
run. In particular if this daemon is run as root and the configuration
|
|
file is not protected so that it can't be modified, a bad person could
|
|
have their programs run as root.
|
|
.PP
|
|
There's nothing in the ps command or ps\-watcher, that requires one to
|
|
run this daemon as root.
|
|
.PP
|
|
So as with all daemons, one needs to take usual security precautions
|
|
that a careful sysadmin/maintainer of a computer would. If you can run
|
|
any daemon as an unprivileged user (or with no privileges), do it! If
|
|
not, set the permissions on the configuration file and the directory
|
|
it lives in.
|
|
.PP
|
|
This program can also run chrooted and there is a \-\-path option that
|
|
is available which can be used to set the executable search path. All
|
|
commands used by ps-watcher are fully qualified, and I generally give a
|
|
full execution path in my configuration file, so consider using the
|
|
option \-\-path=''.
|
|
.PP
|
|
Commands that need to be run as root you can run via sudo. I often
|
|
run process accounting which tracks all commands run. Tripwire may be
|
|
useful to track changed configuration files.
|
|
.SH "TROUBLESHOOTING"
|
|
.IX Header "TROUBLESHOOTING"
|
|
To debug a configuration file the following options are useful:
|
|
.PP
|
|
ps-watcher \-\-log \-\-nodaemon \-\-sleep \-1 \-\-debug 2 \fIconfiguration-file\fR
|
|
.PP
|
|
For even more information and control try running the above under the
|
|
perl debugger, e.g.
|
|
.PP
|
|
perl \-d ps-watcher \-\-log \-\-nodaemon \-\-sleep \-1 \-\-debug 2 \fIconfiguration-file\fR
|
|
.SH "BUGS"
|
|
.IX Header "BUGS"
|
|
Well, some of these are not so much a bug in ps-watcher so much as a
|
|
challenge to getting ps-watcher to do what you want it to do.
|
|
.PP
|
|
One common problem people run in into is understanding exactly what
|
|
the process variables mean. The manual page \fIps\fR\|(1) should be of
|
|
help, but I've found some of the descriptions either a bit vague or
|
|
just plain lacking.
|
|
.PP
|
|
Sometimes one will see this error message when debug tracing is turned on:
|
|
.PP
|
|
.Vb 1
|
|
\& ** debug ** Something wrong getting ps variables
|
|
.Ve
|
|
.PP
|
|
This just means that the process died betwee the time ps-watcher first
|
|
saw the existence of the process and the time that it queried
|
|
variables.
|
|
.SH "SEE ALSO"
|
|
.IX Header "SEE ALSO"
|
|
See also \fIps\fR\|(1) and \fIsyslogd\fR\|(8).
|
|
.PP
|
|
Another cool program doing ps-like things is \f(CW\*(C`xps\*(C'\fR. Well okay, it's
|
|
another program I distributed. It shows the process tree dynamically
|
|
updated using X Motif and tries to display the output \*(L"attractively\*(R"
|
|
but fast. You can the find the homepage at
|
|
<http://motif\-pstree.sourceforge.net> and it download via
|
|
<http://prdownloads.sourceforge.net/motif\-pstree?sort_by=date&sort=desc>
|
|
.SH "AUTHOR"
|
|
.IX Header "AUTHOR"
|
|
Rocky Bernstein (rocky@cpan.org)
|
|
.SH "COPYRIGHT"
|
|
.IX Header "COPYRIGHT"
|
|
.Vb 6
|
|
\& Copyright (C) 2000, 2002, 2003, 2004, 2005, 2006
|
|
\& Rocky Bernstein, email: rocky@cpan.org.
|
|
\& This program is free software; you can redistribute it and/or modify
|
|
\& it under the terms of the GNU General Public License as published by
|
|
\& the Free Software Foundation; either version 2 of the License, or
|
|
\& (at your option) any later version.
|
|
.Ve
|
|
.PP
|
|
.Vb 4
|
|
\& This program is distributed in the hope that it will be useful,
|
|
\& but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
\& MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
\& GNU General Public License for more details.
|
|
.Ve
|
|
.PP
|
|
.Vb 3
|
|
\& You should have received a copy of the GNU General Public License
|
|
\& along with this program; if not, write to the Free Software
|
|
\& Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
.Ve
|