aboutsummaryrefslogtreecommitdiff
path: root/system/forkstat/README
diff options
context:
space:
mode:
Diffstat (limited to 'system/forkstat/README')
-rw-r--r--system/forkstat/README9
1 files changed, 9 insertions, 0 deletions
diff --git a/system/forkstat/README b/system/forkstat/README
new file mode 100644
index 0000000000000..0ca19a6e644fe
--- /dev/null
+++ b/system/forkstat/README
@@ -0,0 +1,9 @@
+forkstat (process fork/exec/exit monitoring tool).
+
+Forkstat is a program that logs process fork(), exec() and exit() activity.
+It is useful for monitoring system behaviour and to track down rogue processes
+that are spawning off processes and potentially abusing the system.
+
+Note that forkstat uses the Linux netlink connector to gather process activity
+and this may miss events if the system is overly busy.
+Netlink connector also requires root privilege.