compiler가 없는 환경을 위해 컴파일된 바이너리를 추가한다.

travis ci 사용시 아래 패키지 설치하는 구문 추가

• github.com/urfave/cli

Hey there, cool project. I'm a big fan of the "original" forkstat but I love to see C stuff ported to golang

I'm curious if you have any interest in adding one or two specific features, or if you strongly prefer to remain as a 1:1 / clone of the C version and avoid "creeping featurism", as they say - or put another way, "random features some weird dude will use, but nobody else" ;)

I have two very specific things in mind that I've already implemented in the C version of forkstat out of necessity - though the implementation was very hastily thrown together and not something I consider done (hard-coded lists of patterns rather than CLI options, only actually basic substring matching rather than using a regex implementation, etc. The matching also needs a bit of review to ensure the filter has as fast of a patch as possible, to remediate the race conditions that I encounter regularly in the vanilla forkstat (more on that below, see the item labeled number 2)

Anyway, the two features are closely related: custom granular noise filtering, implemented roughly as:

• A configuration file or CLI option to blacklist or whitelist the comm value. This could be regex or something a little simpler, but either way, string pattern matching and fast path out of processing the event if it doesn't match
• A configuration file or CLI option to blacklist or whitelist based upon being a descendant of a certain PPID (immediate parent, or grandparent, great grandparent, etc.) For example, you could specify that you're only interested in children of pid 12345, which may be some process that spawns a lot of threads or forks that you have some interest in

I do a lot of fiddling with embedded systems/proprietary software and having those features helps a LOT to observe system-wide behavior; but because when monitoring execs, EVERY exec system call is processed, you end up with two problems:

1. A lot of noise, especially for the devices that do silly things like popen("cat /proc/meminfo") every second rather than just reading /proc/meminfo - yes, this is real example that I've seen multiple times, along with variations (df -h, du, uptime - just dumb decisions...) ... anyway
2. The occasional race condition, where you don't get the info on the process before it exits; since the event only includes the PID, you probably recall from writing this that you have to then read info from /proc/<pid>/*. Especially with IoT devices that may have a single core and a lot of very quickly completing commands, you end up not being able to even retrieve the comm info before it's gone, because the process exited

For dealing with noise, you can of course use grep -P <regex> or grep -Pv <regex> to filter what you don't need, but it doesn't help with item 2 (losing the race to pull the metadata from /proc/<pid>/, because the relatively expensive path of retrieving the /proc/<pid>/ info will of course still happen, even for the processes that will ultimately be filtered out by grep

Ultimately I may end up finishing and cleaning up the C fork I have, but had to ask what you thought

I'll be perfectly honest, I'm not very strong with golang- my C is much, much better. I've only contributed a few bug-fixes and features to a half dozen golang projects, and it was slow for me, and I missed a lot of golang idioms/patterns. I would do my best to contribute PRs if you were interested, but between my weakness with golang and the time I have available, I don't want to overpromise

Thanks again!

EDIT: Probably should ask if you're still alive / if the repo is still maintained - just realized it's 7 years old (!!!)

/proc/stat 에서 boottime를 가져오는 함수 작성.
psutil 참고

Netlink Connector 타입증 CN_PROC를 이용해 프로세스 이벤트 정보를 수집하고 출력하는 기능을 개발한다.

• Container 확인
• kernel 쓰레드 확인
  함수 추과 .

구분자가 /x00이 아닌듯함. 원인 분석 및 수정 필요

forkstat 은 아래와 같이 처리함

type struct Stats { name string count [EVENT_MAX]uint64 total uint64 }

다른 형태도 고려해보고 진행 .

.

add travisci configuration

default logger를 통해 로그를 출력하고 있음

Linux 시스템에서 사용하는 ClockTick를 가져오는 함수를 작성한다.
/proc/*에서 제공하는 대부분의 정보가 ClockTick단위이므로 ClockTick로 나눠야 초단위 값을 가져올 수 있다.

아래 정보는 필수임
type Process struct { pid int cmdline string kernel_thread bool start_time Time }

필수 정보를 포함하는 구조체 정의 하시오~~

-D, --duration 옵션의 기능을 구현한다.

monitor 모듈과 관련한 테스트 코드를 작성한다.

.

path.Base()가 file path에 대해서만 동작하도록 수정 요망.

.