[PATCH 0/7] [RFC] kernel: add a netlink interface to get information about processes
From: Pavel Odintsov
Date: Thu Feb 19 2015 - 07:50:41 EST

These are very useful patches, and they can make my tasks simpler and
faster.

In my day-to-day work I am working with Linux servers with an enormous
amount of processes (~25 000 per server). These servers run multiple
hundreds of Linux containers.

If I want to analyze processor load, network load or check something
else, I use top/atop/htop/netstat. But they work very slowly and consume
a significant amount of CPU power for parsing multiple thousands of text
files in /proc (like /proc/tcp, /proc/udp, /proc/status,

Some time ago I worked on a malware detection toolkit for Linux -
Antidoto (https://github.com/FastVPSEestiOu/Antidoto) which uses the
/proc filesystem very deeply. For detecting malware I need to check
every descriptor, every socket and get complete information about all
processes on the system.

But with the current text-file-based architecture of /proc I can't
achieve a suitable speed of my toolkit.

For example, there you can look at the time of processing all network
connections for a server with 20244 processes with

As you can see, this time is very huge, but I use the latest CPUs from Intel

I have multiple ideas about complete realtime Linux server monitoring,
but without the ability to pull information from the Linux kernel faster
I can't realize them.

Sincerely yours, Pavel Odintsov
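
Added example, not part of the original message or of the patch series: the text-based walk that attributing TCP sockets to processes requires today, with one directory listing per process, one readlink per descriptor, and a parse of the socket table. It reads the table from net/tcp under a proc root, assumes IPv4 on a little-endian host, and runs against a constructed directory tree instead of a live /proc; all function names are illustrative.

```python
import os, re, socket, struct, tempfile

SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12345 1
   1: 0100007F:1F90 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 12346 1
"""  # constructed sample, not captured from a real host

def parse_addr(hexaddr):
    # IPv4 is printed as a host-order hex word; a little-endian host is assumed.
    ip_hex, port_hex = hexaddr.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def parse_net_tcp(text):
    # inode -> (local, remote, state code); the header row is skipped.
    rows = (line.split() for line in text.splitlines()[1:])
    return {f[9]: (parse_addr(f[1]), parse_addr(f[2]), f[3]) for f in rows if len(f) >= 10}

def sockets_by_pid(proc_root):
    # One listdir per process and one readlink per open descriptor.
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            for fd in os.listdir(fd_dir):
                m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(os.path.join(fd_dir, fd)))
                if m:
                    owners.setdefault(m.group(1), []).append(int(pid))
        except OSError:  # process exited mid-walk or access was denied
            continue
    return owners

def connections_with_owners(proc_root):
    with open(os.path.join(proc_root, "net", "tcp")) as fh:
        table = parse_net_tcp(fh.read())
    owners = sockets_by_pid(proc_root)
    return {inode: (conn, sorted(owners.get(inode, []))) for inode, conn in table.items()}

def build_sample_proc():
    # Constructed stand-in for /proc: two PIDs sharing one listening socket.
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "net"))
    with open(os.path.join(root, "net", "tcp"), "w") as fh:
        fh.write(SAMPLE_TCP)
    links = [("4242", "0", "/dev/null"), ("4242", "3", "socket:[12345]"),
             ("4243", "3", "socket:[12345]")]
    for pid, fd, target in links:
        os.makedirs(os.path.join(root, pid, "fd"), exist_ok=True)
        os.symlink(target, os.path.join(root, pid, "fd", fd))
    return root

if __name__ == "__main__":
    print(connections_with_owners(build_sample_proc()))
```

Pointed at /proc on a real host, connections_with_owners performs the same walk, and its cost grows with the number of processes times their open descriptors.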