SURVIVOR: processinfo Check Module
About processinfo
basics

| Module Type | Scheduler | Remote |
|---|---|---|
| check | No | Yes |
syntax
     module processinfo {
       [warncpu <number>]
       [probcpu <number>]
       [warnmem <number>]
       [probmem <number>]
       [warntime <number>]
       [probtime <number>]
       [op (any | all)]
       name <string>
       [name ...]
       [matchtype (a | i)+]
       [uid <relation>]
       [userid <relation>]
     }
     via <transport>
 

Dependencies

  • None

Arguments

| Name | Type | Value |
|---|---|---|
| warncpu | optional number between 1 and infinity | Test: Generate a warning if a matching process has exceeded the specified number of CPU seconds. |
| probcpu | optional number between 1 and infinity | Test: Generate a problem if a matching process has exceeded the specified number of CPU seconds. |
| warnmem | optional number between 1 and infinity | Test: Generate a warning if a matching process has exceeded the specified amount of memory in KB (virtual total). |
| probmem | optional number between 1 and infinity | Test: Generate a problem if a matching process has exceeded the specified amount of memory in KB (virtual total). |
| warntime | optional number between 1 and infinity | Test: Generate a warning if a matching process has exceeded the specified number of real seconds. This test is not available on BSD systems. |
| probtime | optional number between 1 and infinity | Test: Generate a problem if a matching process has exceeded the specified number of real seconds. This test is not available on BSD systems. |
| op | optional string, one of 'any' or 'all', default is 'any' | Determine how to join results together. any indicates that any test specified for a given level (warning or problem) that fails will generate an error at that level. all indicates that all requested tests must fail at a given level for an error to be generated at that level. |
| name | required string list | Filter: The regular expression used to match the process. If more than one is provided, each process found with a matching name must match the tests specified. |
| matchtype | optional flags a,i | If not provided, only the name of the program (argv[0]) is examined to compare against the name filter. a indicates to examine the name of the program plus all of the arguments. i indicates the program is run through an interpreter, and so the name of the program begins with the second token. |
| uid | optional relation | Filter: Match only those processes owned by a numeric uid described by the specified relation. |
| userid | optional relation | Filter: Match only those processes owned by a user described by the specified relation. If the userid is specified as a numeric uid (via the uid argument) rather than a username, this module may run significantly faster on hosts with slow name service backends. |

At least one test must be specified.

On older BSD systems, only uid or userid may be specified.

Description

The processinfo module determines whether processes matching the specified filters are running with the characteristics described by the specified tests. For SYSV environments, ps -e -o user,uid,pid,time,args is used. For BSD environments, ps -a -o user,uid,pid,time,command is used if it can be determined that such options are supported; otherwise ps -aux is used.

The matchtype argument can be used to adjust how matching occurs. By default, only the name of the program is matched. However, in some cases (a), the full argument string (as obtained via ps) is necessary for comparison. In other cases (i), programs are run through an interpreter (e.g., /usr/bin/perl or java), and the program name is actually an argument to the interpreter running it. For more examples, see the process module.

Examples

  1. To warn when the process leaker owned by the user bloat has consumed 100MB of memory:
         module processinfo {
           userid   reg[^bloat$]
           name     .*leaker
           warnmem  100000
         }
         via remote
         
  2. To look for non-system processes on a timeshare using excessive CPU and that are at least a few hours old:
         module processinfo {
           uid      gt[100]
           name     .*
           warncpu  1000
           probcpu  2000
           warntime 14400
           probtime 21600
           op       all
         }
         via remote
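
The matchtype and CPU tests described above, sketched in Python as an added example (not SURVIVOR's own code) over constructed ps output in the SYSV column order. The helper names, the start-anchored regex match and the strict greater-than comparison for "exceeded" are assumptions.

```python
import re

# Constructed sample, in the column order of `ps -e -o user,uid,pid,time,args`.
SAMPLE_PS = """\
USER   UID   PID       TIME COMMAND
root     0     1   00:00:03 /sbin/init
bloat 1001  4242   00:40:10 /usr/bin/perl /home/bloat/leaker.pl --daemon
bloat 1001  4300   00:00:02 leaker --once
www     80  5100 1-02:00:00 /usr/sbin/httpd -k start
"""

def cpu_seconds(t):
    """Convert ps TIME ([[dd-]hh:]mm:ss) to CPU seconds."""
    days, _, rest = t.rpartition("-")
    secs = 0
    for part in rest.split(":"):
        secs = secs * 60 + int(part)
    return int(days or 0) * 86400 + secs

def target(args, matchtype=""):
    """Text compared against the name filter for a given matchtype."""
    tokens = args.split()
    if "i" in matchtype:  # interpreter: program name starts at the second token
        tokens = tokens[1:]
    if not tokens:
        return ""
    return " ".join(tokens) if "a" in matchtype else tokens[0]

def check(ps_text, name, matchtype="", warncpu=None, probcpu=None,
          uid_ok=lambda uid: True):
    """Return {pid: level} for each process passing the name and uid filters."""
    results = {}
    for line in ps_text.splitlines()[1:]:  # skip the header row
        _user, uid, pid, cputime, args = line.split(None, 4)
        # Assumption: the name regex is anchored at the start of the target.
        if not uid_ok(int(uid)) or not re.match(name, target(args, matchtype)):
            continue
        cpu = cpu_seconds(cputime)
        if probcpu is not None and cpu > probcpu:
            results[int(pid)] = "problem"
        elif warncpu is not None and cpu > warncpu:
            results[int(pid)] = "warning"
        else:
            results[int(pid)] = "ok"
    return results

if __name__ == "__main__":
    for mt in ("", "i", "a"):
        print(repr(mt), check(SAMPLE_PS, r".*leaker", mt, warncpu=1000, probcpu=2000))
```

Under these assumptions, the default matchtype never examines the Perl-hosted leaker (PID 4242), so its CPU overrun is reported only once i or a is set.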
        

$Date: 2006/11/19 21:17:56 $
$Revision: 0.3 $