Review of Microsoft's free process monitoring tool for Linux, 'ProcMon', which lets you check the execution time of each system call



Microsoft is porting the process monitoring tool 'Process Monitor (ProcMon)', part of the Windows troubleshooting toolkit 'Windows Sysinternals', to Linux. The Linux version of ProcMon has been released as open source software, and a preview build is already available, so I tried it out.

GitHub - microsoft/ProcMon-for-Linux: Procmon is a Linux reimagining of the classic Procmon tool from the Sysinternals suite of tools for Windows. Procmon provides a convenient and efficient way for Linux developers to trace the syscall activity on the system.
https://github.com/microsoft/ProcMon-for-Linux



The system requirements for the Linux version of ProcMon are as follows. At the time of writing, it only supports Ubuntu 18.04, but support for other major distributions such as RHEL and CentOS is planned.

- OS: Ubuntu 18.04 LTS (kernel version 4.18 or higher, 5.3 or lower)
- CMake (version 3.14 or higher, only needed when building)
- libsqlite3-dev (version 3.22 or later, only needed when building)

In this article, ProcMon is installed on the following system.



First, run the following command to install the packages needed to build ProcMon. libssl-dev is included because the OpenSSL library is required to compile CMake, which is installed in a later step.

[code]sudo apt-get -y install bison build-essential flex git libedit-dev \
libllvm6.0 llvm-6.0-dev libclang-6.0-dev python zlib1g-dev libelf-dev libsqlite3-dev libssl-dev[/code]



I also wanted to install CMake via apt, but the version of CMake in the Ubuntu 18.04 repository was too old to meet the system requirements, so I ran the following commands to compile and install it manually.

[code]wget https://github.com/Kitware/CMake/releases/download/v3.18.0/cmake-3.18.0.tar.gz
tar zxvf cmake-3.18.0.tar.gz
cd cmake-3.18.0
./bootstrap && make && sudo make install[/code]



Then run the following commands to install BCC (the BPF Compiler Collection), which ProcMon uses to trace system calls.

[code]sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 4052245BD4284CDD
# double quotes are required so that $(lsb_release -cs) expands to the Ubuntu codename
echo "deb https://repo.iovisor.org/apt/$(lsb_release -cs) $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/iovisor.list
sudo apt-get update
sudo apt-get install bcc-tools libbcc-examples linux-headers-$(uname -r)[/code]



Return to your home directory and run the following commands to build ProcMon.

[code]git clone https://github.com/Microsoft/Procmon-for-Linux
mkdir Procmon-for-Linux/build
cd Procmon-for-Linux/build
cmake ..
make[/code]



The executable is created in the build directory, so run the following command to start ProcMon.

[code]sudo ./procmon[/code]
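As an added example (not from the article or the ProcMon project), the following POSIX shell script turns the requirements listed above into a pre-flight check and then runs the article's own build steps. The functions version_ge, kernel_supported, cmake_supported and build_procmon are my own names; the kernel range (4.18 to 5.3) and the CMake minimum (3.14) are the figures the article gives.

```shell
#!/bin/sh
# Added example, not part of the article: check the stated requirements
# before building ProcMon for Linux, then run the build steps from the text.

# Returns 0 when dotted version $1 >= $2, 1 otherwise. Pure POSIX sh,
# compares component by component; missing components count as 0.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.};; *) a=;; esac
        case $b in *.*) b=${b#*.};; *) b=;; esac
    done
    return 0
}

# Kernel must be >= 4.18 and <= 5.3 (the article's stated range).
# Takes a release string such as "5.3.0-62-generic" (the output of uname -r).
kernel_supported() {
    ver=$(printf '%s' "$1" | sed 's/[^0-9.].*//')   # drop "-62-generic"
    version_ge "$ver" "4.18" && ! version_ge "$ver" "5.4"
}

# CMake must be >= 3.14. Takes the first line of `cmake --version`.
cmake_supported() {
    ver=$(printf '%s' "$1" | sed 's/^cmake version //')
    version_ge "$ver" "3.14"
}

# Runs the checks against the live machine, then the article's build steps.
build_procmon() {
    kernel_supported "$(uname -r)" || {
        echo "kernel $(uname -r) is outside the supported 4.18..5.3 range" >&2
        return 1
    }
    cmake_supported "$(cmake --version | head -n1)" || {
        echo "cmake 3.14 or newer is required" >&2
        return 1
    }
    git clone https://github.com/Microsoft/Procmon-for-Linux
    mkdir -p Procmon-for-Linux/build
    cd Procmon-for-Linux/build && cmake .. && make
}

# Uncomment to run the full build on a matching Ubuntu 18.04 machine:
# build_procmon
```

The check functions take strings rather than calling uname and cmake directly, so they can be exercised against constructed inputs (for example "5.4.0-42-generic", which is newer than the supported range) without touching the machine.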



The ProcMon screen looks like this. From left to right it shows the timestamp, process ID, process name, system call name, result, and execution time (in milliseconds).



Select the system call whose details you want to check and press the Enter key. In addition to the information shown on the main screen, you can view the stack trace.



You can sort the system calls by item by pressing the F2 key.



The F3 key allows you to search for system calls by process ID or process name. Press F3 on the search screen to move to the next item.



To filter the system calls you see, press F4 and enter the name of the process you want to filter.



The system call data collected by ProcMon can be dumped to a file by pressing the F6 key. The dumped data can be read back by specifying the file with the '-f' option when starting ProcMon.



The F8 key is used to display system call statistics. On the statistical information screen, it is possible to check the number of times for each system call and the total time.



Press F9 to exit ProcMon. Since it is still a preview version, the display was sometimes garbled and operation occasionally became sluggish, but it proved a useful tool for situations where you want to monitor a Linux system with a focus on system calls.



in Review, Software, Posted by darkhorse_log