UNIX process monitor
Jeff Kinz
jkinz at kinz.org
Mon Nov 21 21:48:56 EST 2005
On Mon, Nov 21, 2005 at 09:46:06PM -0500, Tom Metro wrote:
> Over the weekend I received some unusual looking email from one of the
> monitoring tools I run on my mail server, and while investigating it I
> discovered that a bunch of instances of a program I use to download
> email from a Yahoo! account were stuck in endless loops and filling up
> my process table (due to a data provoked bug). (The alert email I
> received had nothing directly to do with the hung processes.)
...........................
>
> It really needs to be smarter. What I'd really like is a program that
> runs for a week or so in learning mode, develops a database of what is
> "normal" and then sends alerts for when it notices unusual behavior.
>
> Does anyone know of a tool that does this? I'm sure there are intrusion
> detection tools that incorporate this, but following the UNIX
> philosophy, I'd rather use a tool that specifically addressed this need.
sounds like you want to calculate the standard deviation (SD) and then
alert when the behavior exceeds SD by some percentage, say anything over
10-15%.
Just a thought.
>
--
Jeff Kinz, Emergent Research, Hudson, MA.
speech recognition software may have been used to create this e-mail
More information about the Discuss
mailing list