Linux Process Monitoring Tool: Easy Resource Monitoring Features

November 16, 2011 | By
| Reply More

Process Resource Monitor (PRM).

PRM is a CPU, memory, processes and run (elapsed) time resource monitor for Linux systems. It does this by monitoring the process table on a given system and matches process id's with set resource limits in the configuration file or per-process based rules. Process id's that match or exceed the set limits are logged and killed and alerts can be sent to email addresses. PRM’s resource monitoring feature can be controlled through a number of ignore options, ability to configure soft/hard kill triggers, wait/recheck timings and to send kill signals to parent/children process trees.

Installation.

1. Download the source package:

wget http://www.rfxnetworks.com/downloads/prm-current.tar.gz

2. Extract the compressed source file:

tar –xvzf prm-current.tar.gz

3. Run the installation script:

cd prm-*
./install.sh

Configuration.

The configuration file of PRM installation can be found at “/usr/local/prm/conf.prm”. We can go through the main configuration parameters of PRM here.

1. IGNORE_ROOT="1"

This tells PRM to ignore any root owned processes, however, when the KILL_PARENT option is set, root owned parent processes will still be subject to kill.

2. IGNORE=""

This is an important option and is the recommended method for ignoring when using the rules system. The accepted values are basic and extended regexp, which use pipes (|) as a spacer. For example, IGNORE="^httpd$|^sendmail$", when placed in a rule called nobody.user, would ignore any processes under user nobody that have the command name of exactly "httpd" or "sendmail".

3. USR_ALERT="1"

This will enable user e-mail alerts.

4. USR_ADDR="root, you@domain.com"

This will configure e-mail addresses for receiving alerts.

5. MIN_LOAD="1"

PRM optionally has a required load average for running. If the load is not equal to or greater than this value; PRM will not run.

6. KILL_TRIG="3"

KILL_WAIT="10"

These values control the soft rechecks of a process, allowing for a process to have its resources rechecked TRIG times with WAIT time between checks, giving a bit of margin for a process to "burst" resources and come back into normal use. The max time to kill a process is equal to TRIG*WAIT, these values can be set 0 if you want to instantly kill offending processes.

7. MAXCPU="40"

The max percentage of CPU that a process can safely use before PRM flags it for killing.

8. MAXMEM="20"

Maximum memory usage readout for a process - % of system total memory that a process is allowed to use.

9. KILL_PARENT="1"

This is an important option that should in most cases be enabled; it allows for the parent process and children of the parent to be killed. This is important as when a process is created by a parent threader (such as Apache), when the child disappears, the parent will simply fork off a new child thread to replace it.

RULE files for PRM.

The rules system has two methods of use, the first is a user based rule and the second is a process command based rule. The rules path is located at /usr/local/prm/rules/ and the naming conventions are as follows:

USERNAME.user
COMMAND.cmd

Example rule file, rules/nobody.user:

IGNORE="^httpd$|^suexec$|^suphp$|^cgiwrap$|^spamd$"
MAX_CPU="50"
MAX_MEM="10"
MAX_PROC="25"
KILL_TRIG="3"
KILL_WAIT="10"
# We need to kill parent here otherwise the HTTP Request that spawned the
# script we are trying to kill, will probably just respawn it.
KILL_PARENT="1"
KILL_SIG="9"
KILL_RESTART_CMD="/etc/init.d/httpd restart"

Automatic Execution of PRM.

The executable program resides in '/usr/local/prm/prm' and '/usr/local/sbin/prm'. The prm executable can receive one of two arguments:

-s Standard run
-q Quiet run

The default execution of PRM is handled through /etc/cron.d/prm and set to run at 5 minute intervals.

Filed Under : LINUX HOWTO, MONITORING

Tagged With : ,

Free Linux Ebook to Download

Leave a Reply

All comments are subject to moderation.