levonshe wrote:
> [...] Is it possible from kernel module or user space to monitor
> which processes were terminated abnormally ? [...]
Depending on the version & configuration, there exist both kernel
tracepoints and kprobe/jprobe sites where the kernel side of these
events may be hooked. You may be able to attach to each of those from
userspace via perf.
For comparison, systemtap chooses whatever facility is available in your
kernel, by internally mapping the abstract "signal.send" name into a
list of candidates.
# stap -e '
probe signal.send {
if (sig_name == "SIGKILL")
printf("%s was sent to %s (pid:%d) by %s uid:%d\n",
sig_name, pid_name, sig_pid, execname(), uid())
}'
- FChE
_______________________________________________
Kernelnewbies mailing list
[email protected]
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
