From the question here, the OP wants to repeatedly poll the pid of a process using pidof in a shell script. Of course this is inefficient as a new process must be started for the pidof program multiple times per second (I don’t know that this is the cause of the CPU spikes in the question, but it seems likely).
Usually the way around this kind of thing in a shell script is to work with a single program that outputs the data you need on stdout and then doing some text processing if necessary. While this involves more programs to be running concurrently, it is likely to be less CPU intensive since new processes are not being continually created to for polling purposes.
So for the above question, one solution might be to have some program which outputs the names and pids of processes as they are created. Then you could do something like:
pids-names |
grep some_program |
cut -f 2 |
while read pid; do
process-pid "$pid"
done
The problem with this is that it raises a more fundamental question, how can pids and process names be printed as they are created?
I have found a program called ps-watcher, though the problem with this is that it is just a perl script which repeatedly runs ps so it doesn’t really solve the problem. Another option is to use auditd which could probably work if the log was processed directly via tail -f. An ideal solution would be simpler and more portable than this, though I will accept an auditd solution if it is the best option.
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
Linux-specific answer:
perf-tools contains an execsnoop that does exactly this. It uses various Linux-specific features such as ftrace. On Debian, its in the perf-tools-unstable package.
Example of me running man cat in another terminal:
<a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="7705181803372d1e16">[email protected]</a>:~# execsnoop TIME PID PPID ARGS 17:24:26 14189 12878 man cat 17:24:26 14196 14189 tbl 17:24:26 14195 14189 preconv -e UTF-8 17:24:26 14199 14189 /bin/sh /usr/bin/nroff -mandoc -Tutf8 17:24:26 14200 14189 less 17:24:26 14201 14199 locale charmap 17:24:26 14202 14199 groff -mtty-char -Tutf8 -mandoc 17:24:26 14203 14202 troff -mtty-char -mandoc -Tutf8 17:24:26 14204 14202 grotty
I doubt there is a portable way to do this.
Method 2
There Right WayTM of doing this depends heavily on what system and kernel you are actually running on. DTrace should work on Solaris, Free/NetBSD and Linux.
For Linux specifically, you can use either ftrace (which has to be enabled at compile time – it usually is) or proc events over netlink – see the SO answer to the problem for more details (and remember to vote it up, the score ~30 vs. 0 for accepted answer looks funny). Poor man’s tracer could probably be implemented by using strace -eexec,fork (although with unreasonable overhead).
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0