PIKT

Samples: Process Count Limits

PIKT Logo
Home FAQ News Intro Samples Tutorial Reference Software Authors Licensing SiteSearch


In this example, we report perilously high per-user process counts.

The PerUserProcessCountsEmergency script might send an alert message like the following:

-------------------------------------------------------------------------------

                                PIKT ALERT
                         Fri Oct 26 14:26:01 2002
                                  moscow

EMERGENCY:
    PerUserProcessCountsEmergency
        Report unusually high counts of per-user processes.

         683     root /usr/lib/sendmail
        killed all root /usr/lib/sendmail processes
         317   nobody /opt/local/bin/python
        killed all nobody /opt/local/bin/python processes

-------------------------------------------------------------------------------
The PerUserProcessCountsEmergency script makes reference to the process count limits in the PerUserProcessCounts.obj file.  The script follows.

///////////////////////////////////////////////////////////////////////////////
//
// process_alarms.cfg
//
///////////////////////////////////////////////////////////////////////////////

[other alarms omitted...]

///////////////////////////////////////////////////////////////////////////////

#if solaris

PerUserProcessCountsEmergency

        init
                status active
                level emergency
                task "Report unusually high counts of per-user processes."
                // note: a defunct process might show an empty comm field
                // below, so we pipe the ps output through the awk filter, too
                input proc "=ps -eo user,comm | =behead(1) | =awk 'NF==2' |
                            =sort | =uniq -c"
                dat #count 1
                dat $user  2
                dat $proc  3

        begin   // field separator below is "<space><tab>"
                =readvals(=objdir/PerUserProcessCounts.obj, proccounts, "    ", 4)

#ifdef debug
        rule
                output log "=per_user_process_counts_log" $inline
#endifdef

        // it would be more efficient to put everything following in a single
        // foreach loop, but by breaking things out into separate foreach
        // loops, we can group things into four separate rules--to log, alert,
        // page, and kill

        rule    // log, for gathering diagnostic stats
                foreach #keys($pf, $proccounts)
                        do #split($pf)
                        if $2 eq "1"
                                if $proc =~~ "$1"       // '=~~', not 'eq',
                                                        // so that '\\*' works
                                                        // as a default
                                        if    #val($proccounts[$pf])
                                           && #count >= #val($proccounts[$pf])
                                                output log
                                                  "=per_user_process_counts_log"
                                                  $inline
                                        fi
                                        break   // move on to next rule
                                fi
                        fi
                endforeach

        rule    // alert
                foreach #keys($pf, $proccounts)
                        do #split($pf)
                        if $2 eq "2"
                                if $proc =~~ "$1"
                                        if    #val($proccounts[$pf])
                                           && #count >= #val($proccounts[$pf])
                                                output mail $inline
                                        fi
                                        break   // move on to next rule
                                fi
                        fi
                endforeach

#ifdef page
        rule    // page
                foreach #keys($pf, $proccounts)
                        do #split($pf)
                        if $2 eq "3"
                                if $proc =~~ "$1"
                                        if    #val($proccounts[$pf])
                                           && #count >= #val($proccounts[$pf])
                                                =page(=pikthostname: $inlin,
                                                      =pagesysadmins,
                                                      ! =offhours(#now()))
                                                pause 5
                                        fi
                                        break   // move on to next rule
                                fi
                        fi
                endforeach
#endifdef  // page

        rule    // kill
                foreach #keys($pf, $proccounts)
                        do #split($pf)
                        if $2 eq "4"
                                if $proc =~~ "$1"
                                        if    #val($proccounts[$pf])
                                           && #count >= #val($proccounts[$pf])
                                                =kill_user_proc($proc, $user,
                                                                #true())
                                        fi
                                        break   // move on to next rule
                                fi
                        fi
                endforeach

#endif  // solaris

///////////////////////////////////////////////////////////////////////////////

[other alarms omitted...]

///////////////////////////////////////////////////////////////////////////////
This is just one program example.  You could add rules, or write new scripts, for example to:  report and possibly kill runaway processes, report and possibly kill forbidden processes, report extremely high numbers of zombie and defunct processes, log special process accounting data, etc.

[For more examples, see Samples.]


Home | FAQ | News | Intro | Samples | Tutorial | Reference | Software | Authors | Licensing | SiteSearch
Links | SiteIndex | Pikt-Users | Pikt-Workers | Contribute | ContactUs | Top of Page
Page best viewed at 1024x768.   Page last updated 2005-06-22.
This site is PIKT® powered.
PIKT® is a registered trademark of the University of Chicago.
Copyright © 1998-2005 Robert Osterlund.  All rights reserved.

Computer Books at Amazon.com

sendmail
sendmail

qmail
qmail

SpamAssassin
SpamAssassin

sendmail Cookbook
sendmail Cookbook

Linux Sendmail Administration
Linux Sendmail Administration