Project

fluent-plugin-watch-process

0.01
No commit activity in last 3 years
No release in over 3 years
fluent-plugin-watch-processy-ken/fluent-plugin-watch-processHomepageDocumentationSource CodeBug Tracker
Fluentd Input plugin to collect continual process information via ps command or PowerShell pwsh command for Linux/osx/Windows. It is useful for cron/barch process monitoring.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
18,112
Stars
8
Forks
7
Watchers
7
 Releases
Current version
0.2.0
Total releases
6
First release
2014-01-16
Latest release
2021-05-30
 Issues
Open Issues
1
Closed Issues
2
Total Issues
3
Issue Closure Rate
66%
 Pull Requests
Open Pull Requests
0
Closed Pull Requests
2
Merged Pull Requests
3
Pull Request Acceptance Rate
60%
 Development
Primary Language
Ruby
Average date of last 50 commits
2017-11-12
Reverse Dependencies
0

 Dependencies

Development

appraisal
>= 0
rake
>= 0
test-unit
>= 3.1.0

Runtime

fluent-mixin-rewrite-tag-name
>= 0
fluent-mixin-type-converter
>= 0.1.0
fluentd
>= 0.14.0, < 2
 Project Readme

fluent-plugin-watch-process Build Status

Overview

Fluentd Input plugin to collect continual process information via ps command. It is useful for cron/barch process monitoring.

Use Cases

  • collect cron/batch process for long term analysis.

    • high cpu load time
    • high usage of memory
    • determine too long running task

  • output destination example

    • Elasticsearch + Kibana to visualize cron/batch process statistics. Example: example1.conf
    • save process information as audit log into AWS S3 which filename isolated by hostname. Example: example2.conf

Installation

install with gem or fluent-gem command as:

# for fluentd
$ gem install fluent-plugin-watch-process

# for td-agent
$ sudo /usr/lib64/fluent/ruby/bin/fluent-gem install fluent-plugin-watch-process -v 0.1.1

# for td-agent2 (recommend)
$ sudo td-agent-gem install fluent-plugin-watch-process -v 0.1.1

Configuration

Sample

It is a quick sample to output log to /var/log/td-agent/td-agent.log with td-agent.

<source>
  @type        watch_process
  tag          debug.batch.${hostname}  # Required
  lookup_user  batchuser                # Optional
  interval     10s                      # Optional (default: 5s)
</source>

<match debug.**>
  @type        stdout
</match>

After restarting td-agent, it will output process information to the td-agent.log like below.

$ tail -f /var/log/td-agent/td-agent.log
...snip...
2014-01-16 14:21:34 +0900 debug.batch.localhost: {"start_time":"2014-01-16 14:21:13 +0900","user":"td-agent","pid":17486,"parent_pid":17483,"cpu_time":"00:00:00","cpu_percent":1.5,"memory_percent":3.5,"mem_rss":36068,"mem_size":60708,"state":"S","proc_name":"ruby","command":"/usr/lib64/fluent/ruby/bin/ruby /usr/sbin/td-agent --group td-agent --log /var/log/td-agent/td-agent.log --daemon /var/run/td-agent/td-agent.pid","elapsed_time":21}

Syntax

  • tag (Required)

    • record output destination
    • supported tag placeholders are ${hostname} and __HOSTNAME__.

  • command (Optional)

    • execute ps command with some options
    • [default] Linux: LANG=en_US.UTF-8 && ps -ewwo lstart,user:20,pid,ppid,time,%cpu,%mem,rss,sz,s,comm,cmd
    • [default] MacOSX: LANG=en_US.UTF-8 && ps -ewwo lstart,user,pid,ppid,time,%cpu,%mem,rss,vsz,state,comm,command
    • [default] Windows: described in the next section, About Windows.

  • keys (Optional)

    • output record keys of the ps command results
    • [default] Linux, MacOSX: start_time,user,pid,parent_pid,cpu_time,cpu_percent,memory_percent,mem_rss,mem_size,state,proc_name,command
      • need to modify command too if you modify this value.
    • [default] Windows: StartTime,UserName,SessionId,Id,CPU,WorkingSet,VirtualMemorySize,HandleCount,ProcessName
      • in Windows only, you can fix this without fixing command. These keys can be specified from the properties of System.Diagnostics.Process object of .NET.
      • UserName key needs administrator privilege. You can exclude this to avoid needing administrator privilege.

  • types (Optional)

    • settings of converting types from string to integer/float.
    • [default] Linux, MacOSX: pid:integer,parent_pid:integer,cpu_percent:float,memory_percent:float,mem_rss:integer,mem_size:integer
    • [default] Windows: SessionId:integer,Id:integer,CPU:float,WorkingSet:integer,VirtualMemorySize:integer,HandleCount:integer

  • interval (Optional)

    • execute interval time
    • [default] 5s

  • lookup_user (Optional)

    • filter process owner username with comma delimited
    • [default] N/A

  • hostname_command (Optional)

    • settings for tag placeholder, ${hostname} and __HOSTNAME__. By default, it using long hostname.
    • to use short hostname, set hostname -s for this option on linux/mac.
    • [default] hostname

  • powershell_command (Optional)

    • settings for powershell command name. PowerShell Core had been renamed its command to pwsh and PowerShell 7 continues to use pwsh as its command name.
    • [default] powershell
    • [avaliables] powershell, pwsh

About Windows

Default command preset for Windows provides many of keys as below. Generally, you can pick up the columns with keys option. If you need additional keys, consider to update command option.

powershell -command "Get-Process -IncludeUserName
 | ?{$_.StartTime -ne $NULL -and $_.CPU -ne $NULL}
 | Select-Object -Property StartTime,UserName,SessionId,Id,CPU,WorkingSet,VirtualMemorySize,HandleCount,ProcessName
 | %{$_.StartTime = $_.StartTime.ToString('o'); return $_;}
 | ConvertTo-Csv -NoTypeInformation"

Confirmed versions are:

Windows version PowerShell version information Note
Windows 10 10.0.19042 (20H2) PSVersion: 5.1.19041.906 (default installed version), PSEdition: Desktop powershell_command as powershell (default)
Windows 10 10.0.19042 (20H2) PSVersion: 7.1.2, PSEdition: Core powershell_command as pwsh

Here are details of this default command.

  • Get-Process -IncludeUserName
    • Get-Process powershell command takes System.Diagnostics.Process objects.
    • IncludeUserName option is needed to take UserName.
      • this needs administrator privilege.
      • this will be omitted if keys does not contain UserName.
  • | ?{$_.StartTime -ne $NULL -and $_.CPU -ne $NULL}
    • this exlcludes some special processes that don't have some properties, such as the "Idle" process in Windows.
  • | Select-Object -Property ...
    • this takes the necessary parameters from System.Diagnostics.Process objects.
    • ... part will be automatically fixed by keys.
  • | %{$_.StartTime = $_.StartTime.ToString('o'); return $_;}
    • this fixes the format of StartTime value.
    • note: in Windows, setting the "$env:Lang" environment variable is not effective in changing the format of the output.
  • | ConvertTo-Csv -NoTypeInformation
    • this formats objects to csv strings.
    • currently, it is needed that command outputs the results in csv format.
      • this is because white space delimiter is not suitable for Windows, in which empty values are often mixed.

Note: When using with PowerShell 7 which is previously known as PowerShell Core, you must specify powershell_command parameter as pwsh. Otherwise, this plugin does not work correctly on PowerShell 7 (pwsh). This is because PowerShell Core and PowerShell 7 use different command name which is pwsh not powershell.

FAQ

  • I need hostname key in the record.
    To add the hostname key in the record, use fluent-plugin-record-reformer together.

TODO

patches welcome!

Copyright

Copyright © 2013- Kentaro Yoshida (@yoshi_ken)

License

Apache License, Version 2.0