In this example, we report perilously high per-user process counts.
The PerUserProcessCountsEmergency script might send an alert message like the following:
-------------------------------------------------------------------------------
PIKT ALERT
Fri Oct 26 14:26:01 2002
moscow
EMERGENCY:
PerUserProcessCountsEmergency
Report unusually high counts of per-user processes.
683 root /usr/lib/sendmail
killed all root /usr/lib/sendmail processes
317 nobody /opt/local/bin/python
killed all nobody /opt/local/bin/python processes
-------------------------------------------------------------------------------
The PerUserProcessCountsEmergency script makes reference to the process count limits in the PerUserProcessCounts.obj file. The script follows.
///////////////////////////////////////////////////////////////////////////////
//
// process_alarms.cfg
//
///////////////////////////////////////////////////////////////////////////////
[other alarms omitted...]
///////////////////////////////////////////////////////////////////////////////
#if solaris
PerUserProcessCountsEmergency
init
status active
level emergency
task "Report unusually high counts of per-user processes."
// note: a defunct process might show an empty comm field
// below, so we pipe the ps output through the awk filter, too
input proc "=ps -eo user,comm | =behead(1) | =awk 'NF==2' |
=sort | =uniq -c"
dat #count 1
dat $user 2
dat $proc 3
begin // field separator below is "<space><tab>"
=readvals(=objdir/PerUserProcessCounts.obj, proccounts, " ", 4)
#ifdef debug
rule
output log "=per_user_process_counts_log" $inline
#endifdef
// it would be more efficient to put everything following in a single
// foreach loop, but by breaking things out into separate foreach
// loops, we can group things into four separate rules--to log, alert,
// page, and kill
rule // log, for gathering diagnostic stats
foreach #keys($pf, $proccounts)
do #split($pf)
if $2 eq "1"
if $proc =~~ "$1" // '=~~', not 'eq',
// so that '\\*' works
// as a default
if #val($proccounts[$pf])
&& #count >= #val($proccounts[$pf])
output log
"=per_user_process_counts_log"
$inline
fi
break // move on to next rule
fi
fi
endforeach
rule // alert
foreach #keys($pf, $proccounts)
do #split($pf)
if $2 eq "2"
if $proc =~~ "$1"
if #val($proccounts[$pf])
&& #count >= #val($proccounts[$pf])
output mail $inline
fi
break // move on to next rule
fi
fi
endforeach
#ifdef page
rule // page
foreach #keys($pf, $proccounts)
do #split($pf)
if $2 eq "3"
if $proc =~~ "$1"
if #val($proccounts[$pf])
&& #count >= #val($proccounts[$pf])
=page(=pikthostname: $inlin,
=pagesysadmins,
! =offhours(#now()))
pause 5
fi
break // move on to next rule
fi
fi
endforeach
#endifdef // page
rule // kill
foreach #keys($pf, $proccounts)
do #split($pf)
if $2 eq "4"
if $proc =~~ "$1"
if #val($proccounts[$pf])
&& #count >= #val($proccounts[$pf])
=kill_user_proc($proc, $user,
#true())
fi
break // move on to next rule
fi
fi
endforeach
#endif // solaris
///////////////////////////////////////////////////////////////////////////////
[other alarms omitted...]
///////////////////////////////////////////////////////////////////////////////
This is just one program example. You could add rules, or write new scripts, for example to: report and possibly kill runaway processes, report and possibly kill forbidden processes, report extremely high numbers of zombie and defunct processes, log special process accounting data, etc.
[For more examples, see Samples.]
Home |
FAQ |
News |
Intro |
Samples |
Tutorial |
Reference |
Software |
Authors |
Licensing |
SiteSearch
Links |
SiteIndex |
Pikt-Users |
Pikt-Workers |
Contribute |
ContactUs |
Top of Page
Page best viewed at 1024x768.
Page last updated 2005-06-22.
This site is
PIKT®
powered.
PIKT® is a registered trademark of the University of Chicago.
Copyright © 1998-2005 Robert Osterlund. All rights reserved.
|