Monitoring System for OS

Monitoring the performance of operating systems and processes is essential for debugging processes and systems, managing system resources effectively, making system decisions, and evaluating and examining systems. These tools fall into two main categories: real-time and log-based.

Real-time monitoring tools measure the current state of the system and provide up-to-date information about system performance.

Log-based monitoring tools record system performance information for post-processing, analysis, and determining trends in system performance.

Here we present a survey of the most commonly used tools for monitoring operating-system and process performance on Windows- and Unix-based systems, and describe the unique challenges of real-time and log-based performance monitoring.

Platforms covered

  • Linux, all supported versions
  • Windows 8 onwards, Windows 2008 onwards
  • Mac OS 10.6 onwards

Monitoring here means logging all events.

Features for monitoring

  • The features of interest are listed below, each with the platform and the means by which it can be implemented there.

Feature: Process creation and termination
  • Understanding: Monitor process creation and termination parameters such as process creation time, termination time, process control block, etc.
  • Linux: /proc/, ps command, auditctl -a task,always
  • Mac: top, sysctl, launchctl, launchd, lldb
  • Windows: wmic process list

Feature: Process and memory execution (interactions)
  • Understanding: Monitor interactions between an executing process and its corresponding memory.
  • Linux: /proc/, ps command, auditctl -a task,always
  • Mac: top, sysctl, launchctl, launchd, lldb
  • Windows: wmic process list

Feature: Process injection
  • Understanding: Take as an example a process designed to run for a long period of time, such as a daemon. The program needs to be updated in a simple way without stopping its execution, so code is injected into it. Monitor such injection.
  • Linux: ptrace
  • Mac: top

Feature: File IO activity (manipulations)
  • Understanding: Monitor file operations such as open, read and write.
  • Linux: inotify
  • Mac: opensnoop, lsof
  • Windows: FileSystemWatcher class

Feature: File properties
  • Understanding: Monitor file metadata.
  • Linux: inotify
  • Mac: opensnoop, lsof
  • Windows: FileSystemWatcher class

Feature: Executed binary
  • Understanding: A binary that has finished executing clears all the memory it used; monitor this.
  • Linux: ptrace
  • Mac: opensnoop, lsof
  • Windows: Event Tracing for Windows (ETW)

Feature: Registry activity (modifications) / system configuration
  • Understanding: We need to monitor the configuration of the OS.
  • Linux: Monitor the /etc/*.config files; most of the settings that define the execution of a process are stored in config files.
  • Mac: Monitor changes in /Library/Preferences/SystemConfiguration/
  • Windows: Monitor changes in the registry.

Feature: Module (such as DLL) load
  • Understanding: Libraries loaded into memory.
  • Linux: ptrace, ldd
  • Mac: otool
  • Windows: EnumProcessModules

Feature: Network activity
  • Understanding: Monitor open ports, sockets, protocols used, and bandwidth utilization.
  • Linux: netstat, ss (socket statistics)
  • Mac: nettop
  • Windows: getmac, hostname, ipconfig, nbtstat, net, netsh, netstat, nslookup, pathping, ping, route, tracert

Feature: Attached devices
  • Understanding: Monitor attached external devices such as USB devices, external hard drives, and other input devices.
  • Linux: ls udev
  • Mac: diskutil list
  • Windows: similar to devcon

Feature: Network connection
  • Understanding: Monitor open ports and data.
  • Linux: netstat, ss
  • Mac: nettop
  • Windows: net, netstat

Feature: Application behavior
  • Understanding: Heuristic scanning looks for code and/or behavioral patterns; a set of path maps for the application to follow.

Feature: System resources
  • Understanding: Monitor memory pools, page tables, etc.
  • Linux: auditctl, top, ps, vmstat
  • Mac: top, lsof
  • Windows: wmic (a set of tuning commands)

Feature: ASEP Registrations
  • Understanding: Unclear what ASEP stands for. Is it Auto Start Entry Points? automount?
  • Windows: Monitor the Run and RunOnce registry keys.

Feature: Normal Object Access
  • Understanding: Which objects come under the term “Normal Objects”?

Feature: Boot Arguments
  • Understanding: Monitor boot-time parameters of the Linux kernel such as init, nfsaddrs, no387, etc.
  • Linux: Monitor /etc/lilo.conf, /etc/grub.
  • Mac: Monitor nvram
  • Windows: Monitor Boot.ini
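The Linux entries for the process creation and termination row (/proc, creation time, termination) can be turned into a small poller. The following is an added example, not code from the original post: it parses /proc/<pid>/stat using the proc(5) field layout (handling a comm that contains spaces or parentheses), converts the starttime field to a wall-clock creation time using btime from /proc/stat, and diffs two snapshots of /proc to report created and terminated processes, counting a reused pid with a new starttime as both. Function names and the sample stat line are constructed for this example.

```python
import os

CLK_TCK = os.sysconf("SC_CLK_TCK") if hasattr(os, "sysconf") else 100  # ticks/second

def parse_stat(stat_text):
    """Parse one /proc/<pid>/stat record (proc(5) field layout).
    comm may contain spaces or ')', so split at the LAST ')' before splitting on whitespace."""
    lparen, rparen = stat_text.index("("), stat_text.rindex(")")
    rest = stat_text[rparen + 1:].split()  # rest[0] is field 3 (state); field N is rest[N - 3]
    return {
        "pid": int(stat_text[:lparen]),
        "comm": stat_text[lparen + 1:rparen],
        "state": rest[0],
        "ppid": int(rest[1]),              # field 4
        "starttime_ticks": int(rest[19]),  # field 22: clock ticks after boot when the process started
    }

def boot_time_from_stat(stat_text):
    """Extract boot time (Unix seconds) from the 'btime' line of /proc/stat contents."""
    for line in stat_text.splitlines():
        if line.startswith("btime "):
            return int(line.split()[1])
    raise ValueError("no btime line in /proc/stat text")

def start_time_epoch(starttime_ticks, boot_time_epoch, clk_tck=CLK_TCK):
    """Process creation time as Unix seconds: btime + starttime / CLK_TCK."""
    return boot_time_epoch + starttime_ticks / clk_tck

def snapshot(proc_root="/proc"):
    """Map pid -> (comm, starttime_ticks) for every process currently listed in /proc."""
    procs = {}
    for name in os.listdir(proc_root):
        if name.isdigit():
            try:
                with open(f"{proc_root}/{name}/stat") as f:
                    info = parse_stat(f.read())
            except OSError:  # process exited between listdir() and open(): skip it
                continue
            procs[info["pid"]] = (info["comm"], info["starttime_ticks"])
    return procs

def diff_snapshots(before, after):
    """Return (created, terminated) pid lists between two snapshots. A pid present in
    both with a different starttime was reused, so it counts as terminated AND created."""
    reused = {p for p in before if p in after and before[p][1] != after[p][1]}
    created = sorted((set(after) - set(before)) | reused)
    terminated = sorted((set(before) - set(after)) | reused)
    return created, terminated
```

Taking snapshot() once per second and passing consecutive pairs to diff_snapshots() yields a log of process creations and terminations, with start_time_epoch() supplying the creation time named in the table.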

If you would like to share your experience with any of the features listed here, or would like to build on these tools, please do share, to help knowledge and expertise reach excellence.

About ryussiadmin
