Unique process id (not pid) and accounting daemon

cronfy cronfy at gmail.com
Sun Jan 24 23:29:45 UTC 2010


I am trying to create an accounting daemon that would be more precise
than usual BSD system accounting. It should read the whole process
tree from time to time (say, every 10 seconds) and log changes in
usage of CPU, I/O operations and memory per process. After daemon
notices process exit, it should read /var/account/acct to get a last
portion of accounting data and make a last entry for the process. Also
daemon should read /var/account/acct to find information about
processes that had been running between taking process tree snapshots.

There is a problem: it is not always possible to link a process in a
process tree against matching process in an accounting file. Only
command name, user/group id  and start time will match, but:

 * start time may change (i. e. after ntpdate);
 * command name saved in /var/account/acct is 15 characters max
(AC_COMM_LEN in sys/sys/acct.h), while command name in the process
tree is 19 characters max (MAXCOMLEN in sys/sys/param.h).

To ensure that process in the process tree and process in the
accounting file are the same, I want to add unique process identifier
(uint64_t) to 'proc' struct in sys/sys/proc.h and increment it for
every process fork. I see it is possible to do this just before
sx_sunlock() in fork1() in sys/kern/kern_fork.c. I'll have to add
saving of this identifier in kern_acct.c, of course.

This way I will be extremely easy to remember a process in the process
tree and find a matching one in the accounting file after it finishes.

Am I looking in a right direction or should I try some other way?
Thanks in advance.

// cronfy

More information about the freebsd-questions mailing list