Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow for "continuous update" of started/ended processes #266

Open
BenBE opened this issue Oct 19, 2020 · 4 comments
Open

Allow for "continuous update" of started/ended processes #266

BenBE opened this issue Oct 19, 2020 · 4 comments
Labels
new feature Completely new feature

Comments

@BenBE
Copy link
Member

BenBE commented Oct 19, 2020

With #241 watching for processes that recently started/ended becomes quite easy to follow. Unfortunately the default delay for process updates is quite large thus when e.g. running make or other tools that create lots of short-lived children you are going to miss most of the action.

With most systems there exists a facility in form of dtrace that should allow to actually monitor the process creation/termination in "real-time" thus no longer missing any child born - no matter how short-lived.

Some constraints:

  • Requires root (an alternative using inotify on /proc doesn't seem to work - no IN_CREATE/IN_DELETE on /proc// directories received 😢 )
  • Should only collect quick initial data outside regular update cycle
  • Implementation using dtrace may be quite platform dependent despite providing a similar interface on most platforms
  • Will likely require some major changes to the internal handling of the process list (cf. e.g. Improving Command display/sort #42, Add support for sorting in Tree mode #240)
  • Might be quite heavy on the system load on busy systems 😢

This really is an enhancement idea, but I don't see a chance for any near-term implementation, thus low-prio / wishlist. Patches implementing this welcome anyway.
@fasterit fasterit added enhancement Extension or improvement to existing feature needs-discussion 🤔 Changes need to be discussed and require consent labels Oct 19, 2020
@fasterit
Copy link
Member

As discussed on irc with @BenBE ... possible with eBPF:
https://github.com/iovisor/bcc/blob/master/tools/execsnoop.py
https://bolinfest.github.io/opensnoop-native/

@cgzones
Copy link
Member

cgzones commented Oct 19, 2020

Maybe related: https://natanyellin.com/posts/tracking-running-processes-on-linux/

@BenBE BenBE added new feature Completely new feature and removed enhancement Extension or improvement to existing feature needs-discussion 🤔 Changes need to be discussed and require consent labels Dec 16, 2020
@cgzones
Copy link
Member

cgzones commented Jan 8, 2021

Another idea might be to not have a big delay (default: 1.5s) and gather all data on each cycle, but having a small (0.2s?) delay and check only newly detected processes until the next full-data-cycle.

@BenBE
Copy link
Member Author

BenBE commented Jan 8, 2021

This might work sufficiently well for small numbers of processes changing between each cycle. You could even improve on this by using a FIFO queue of processes waiting for updates. That way you could even limit the number of updates in such a "partial" cycle to a certain maximum. Combined with the TreeSet information from the tree building in #307 you could probably also speed-up the insertion/removal of new processes without rebuilding the whole tree.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
new feature Completely new feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@BenBE @cgzones @fasterit