diff options
Diffstat (limited to 'system/forkstat/README')
-rw-r--r-- | system/forkstat/README | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/system/forkstat/README b/system/forkstat/README new file mode 100644 index 0000000000000..0ca19a6e644fe --- /dev/null +++ b/system/forkstat/README @@ -0,0 +1,9 @@ +forkstat (process fork/exec/exit monitoring tool). + +Forkstat is a program that logs process fork(), exec() and exit() activity. +It is useful for monitoring system behaviour and to track down rogue processes +that are spawning off processes and potentially abusing the system. + +Note that forkstat uses the Linux netlink connector to gather process activity +and this may miss events if the system is overly busy. +Netlink connector also requires root privilege. |