* audit a process that disappears
@ 2010-11-09 13:25 ESGLinux
2010-11-09 17:47 ` Steve Grubb
0 siblings, 1 reply; 3+ messages in thread
From: ESGLinux @ 2010-11-09 13:25 UTC (permalink / raw)
To: linux-audit
[-- Attachment #1.1: Type: text/plain, Size: 485 bytes --]
Hi All,
I have a problem with a java application that I run on a RHEL machine. The
problem is that the java process dissapears without logging anything,
it´s like anybody outside the process gives a kill to it.
My question is with audit rules I can get any information about what is
happening with this process.
something like this:
-a entry,always -F pid=32179 -S all -k TOMCAT_JAVA
(pid=32179 is the pid of the process)
any idea,
Thanks in advance,
ESG
[-- Attachment #1.2: Type: text/html, Size: 690 bytes --]
[-- Attachment #2: Type: text/plain, Size: 0 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: audit a process that disappears
2010-11-09 13:25 audit a process that disappears ESGLinux
@ 2010-11-09 17:47 ` Steve Grubb
2010-11-10 12:10 ` ESGLinux
0 siblings, 1 reply; 3+ messages in thread
From: Steve Grubb @ 2010-11-09 17:47 UTC (permalink / raw)
To: linux-audit
On Tuesday, November 09, 2010 08:25:07 am ESGLinux wrote:
> it´s like anybody outside the process gives a kill to it.
There are 2 other possibilities and that is that it terminates abnormally or that it
"ends".
> My question is with audit rules I can get any information about what is
> happening with this process.
>
> something like this:
>
> -a entry,always -F pid=32179 -S all -k TOMCAT_JAVA
>
> (pid=32179 is the pid of the process)
You should be able to get something. You would probably just need the "kill", "exit",
and "exit_group" syscalls.
-Steve
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: audit a process that disappears
2010-11-09 17:47 ` Steve Grubb
@ 2010-11-10 12:10 ` ESGLinux
0 siblings, 0 replies; 3+ messages in thread
From: ESGLinux @ 2010-11-10 12:10 UTC (permalink / raw)
To: linux-audit
[-- Attachment #1.1: Type: text/plain, Size: 736 bytes --]
Thanks Steve,
I´m going to try it,
Greetings,
ESG
2010/11/9 Steve Grubb <sgrubb@redhat.com>
> On Tuesday, November 09, 2010 08:25:07 am ESGLinux wrote:
> > it´s like anybody outside the process gives a kill to it.
>
> There are 2 other possibilities and that is that it terminates abnormally
> or that it
> "ends".
>
>
> > My question is with audit rules I can get any information about what is
> > happening with this process.
> >
> > something like this:
> >
> > -a entry,always -F pid=32179 -S all -k TOMCAT_JAVA
> >
> > (pid=32179 is the pid of the process)
>
> You should be able to get something. You would probably just need the
> "kill", "exit",
> and "exit_group" syscalls.
>
> -Steve
>
[-- Attachment #1.2: Type: text/html, Size: 1221 bytes --]
[-- Attachment #2: Type: text/plain, Size: 0 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2010-11-10 12:10 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-11-09 13:25 audit a process that disappears ESGLinux
2010-11-09 17:47 ` Steve Grubb
2010-11-10 12:10 ` ESGLinux
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.