Routing

hi all,

What is deamon handling command of >monitor start in >sh system process extensive? . Or how to check this command was left behind with no performing monitor stop?

Hi Arix

I dont think you will see any change in the system process when the monitor start (monitoring of log is enabled).

However you can check the history of logs monitored or started with the command

>monitor list

{master:0}
root@Device> monitor list
monitor start "messages" (Last changed Apr 21 22:45:57)

monitor start "install" (Last changed Mar 25 05:43:26)

Hope this helps

Initially we can see, that only eventd [W]rite to /var/log/messages:

root@R1% fstat /var/log/messages
USER CMD PID FD MOUNT INUM MODE SZ|DV R/W NAME
root eventd 1973 16 /var 195 -rw-rw---- 401148 w /var/log/messages <<<<<

No monitoring list at this moment:

root@R1> monitor list
No monitored files

root@R1% date; ps auxww | wc -l
Fri Apr 24 20:18:10 UTC 2020
176

Next, enable monitor:

root@R1> monitor start /var/log/messages

root@R1> monitor list
monitor start "/var/log/messages" (Last changed Apr 24 20:18:39)

Number of process not change:

root@R1% date; ps auxww | wc -l
Fri Apr 24 20:19:47 UTC 2020
176

We can see that file "/var/log/messages" [R]ead only by "cli" process:

root@R1% fstat /var/log/messages
USER     CMD          PID   FD MOUNT      INUM MODE         SZ|DV R/W NAME
root     cli         2950    4 /var        195 -rw-rw----  401554  r  /var/log/messages  <<<<<<<
root     eventd      1973   16 /var        195 -rw-rw----  401554  w  /var/log/messages

Stoping:

root@R1> monitor stop
root@R1>

root@R1% fstat /var/log/messages
USER     CMD          PID   FD MOUNT      INUM MODE         SZ|DV R/W NAME
root     eventd      1973   16 /var        195 -rw-rw----  403470  w  /var/log/messages

So i think that this functional is implemented in "cli" process.