Solved

Logging of UNIX Process IDs

Posted on 2008-06-13
4
967 Views
Last Modified: 2013-12-20
In unix - and specifically HP-UX - is there extensive logging of ALL process IDs that are run?  If so, where is that log kept?

That is the question, here are some specifics.  I have a script that is run every 5 minutes out of cron, all day long.  One of the very first things I do is echo the current script's PID ($$) to a log file.  Then I check very carefully to see if that script is already running.  It should NOT be - it is run every 5 minutes and takes about 40 seconds to complete.  If it IS running, I loop for 30 seconds, up to 3 times, and check again to see if the 'other' instance of the script is running.  If that 'other' instance is running after that 1.5 minutes, I bail out and send an email.  If the 'other' disappears, the current script goes on to do its work.

The PROBLEM is - that 'other' instance sometimes shows up in my log.  And, it simply should NOT be there.  When I loop, I send the process id information to the log (ps -efx).  I can see the current instance PID.  The 'other' instance is a different PID.  Where is it coming from?

If there was a full log of every single process, I'd like to find it, and try to determine exatly where that 'other' process came from, who started it, its parent process...whatever.  I tried the cron log (/var/adm/cron/log) and that does not show what I am looking for.
0
Comment
Question by:birkdale10
4 Comments
 
LVL 20

Accepted Solution

by:
tfewster earned 125 total points
ID: 21785274
You should be able to trace the "other" process from its PPID, using the output of `ps -efx` that you've logged?

I've seen alerts from system monitoring software where there appear to be e.g. 2 copies of cron running. However when you check everything is normal. The explanation there was that when a process starts another one, it forks (so a `ps` snapshot _would_ show 2 copies of cron at that instant) before it is overlaid with the "real" child code & process name.

In your case, I suspect that the `ps` call is seeing itself in the "forked" state (Though if the child process code is actually executing, I'd have expected the "process management" to sort itself out!) If I'm right, `ps -efx` should show 2 instances of "yourscript", one the parent of the other,  and not the child instance of `ps` that you would expect to see.

Is your system particularly busy at the times you've seen this happen?
0
 
LVL 61

Expert Comment

by:gheist
ID: 21787617
PID= $??
logger Started $??
if [-f /var/run/script/it.pid] ; then
 kill -0 `cat /var/run/script/it.pid` || echo $?? > /var/run/script/it.pid
fi
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 21791554
> .. that 'other' instance sometimes shows up in my log.
is "my log" a fixed filename?
I'd use a filename like
  log=/tmp/myscript.$USER.$$.log

And keep tfewster's comment in mind.
0
 

Author Comment

by:birkdale10
ID: 21846442
All.  I am accepting tfewster's solution.  I added more logging to the script, and let it run on our development system for over a week.  I can't find a 'forked' process.  But, on the other hand, the 'errors' that were happening almost daily in the production system have tapered off - only one in a week, and none since the Unix Admin disabled a system monitoring program that seemed to be using up to 97% of CPU cycles.  So, I'm putting this whole subject on a back burner at work.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
aix tls version 6 161
NotAlone Challenge 20 72
Can I delete authorized_keys in FreeBSD 1 60
Path of Workbook 3 45
Introduction: Dialogs (1) modal - maintaining the database. Continuing from the ninth article about sudoku.   You might have heard of modal and modeless dialogs.  Here with this Sudoku application will we use one of each type: a modal dialog …
Using libpcap/Jpcap to capture and send packets on Solaris version (10/11) Library used: 1.      Libpcap (http://www.tcpdump.org) Version 1.2 2.      Jpcap(http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6 Prerequisite: 1.      GCC …
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now