Monitoring activities and system processes


Article from Issue 147/2013

Programs rarely reveal what they are doing in the background, but a few clever tools, of interest to both programmers and administrators, monitor this activity and log system functions.

One class of tools captures the events and function calls of compiled programs (and sometimes even of the entire system), producing logs known as traces. Programmers can use these logs to understand which function calls and actions lead to errors, and repeated entries could indicate race conditions or deadlocks. Reverse engineers might find debuggers useful, and kernel developers could gain insights into the typical processes between user space and the operating system kernel. Admins can use these tools to find out what’s happening on a system, with traces helping them take a closer look at suspicious behavior. For example, if you monitor and log all calls to the system function open, a look at the debugger output could reveal which programs regularly produce temporary files of several gigabytes.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Practical strace

    After "Hello World," you really need to look at system calls in more detail. In this second of two articles, we'll look at debugging in the real world.

  • Perl: Ptrace

    Linux lets users watch the kernel at work with a little help from Ptrace, a tool that both debuggers and malicious process kidnappers use. A CPAN module introduces this technology to Perl and, if this is not enough, C extensions add functionality.

  • strace

    Get started with strace by examining a pair of "Hello World" programs. Next month, in the second part of this two-part series, I'll take a deeper look at strace output.

  • Fedora 13 is Live

    The latest release features improved device access, improved virtualization.

  • Oracle Linux 6.4 Announced

    Oracle Linux 6.4 offers access to Dtrace and support for the XFS filesystem.

comments powered by Disqus

Direct Download

Read full article as PDF:

Price $2.95