Guest_imported
I am the developer responsible for developing our Unix monitoring program. The monitor is tasked with capturing executions of programs on a Unix system. On other platforms such as Solaris and AIX, this task is accomplished through kernel modules that receive an asynchronous notification of process fork() and exec() calls. This enables me to capture the PID and executable name from the kernel and then retrieve user data such as UID, execution arguments, SID, etc. The benefits of these notifications are that they do not interrupt the processing of the monitored system and that they guarantee that any process started, no matter how short-lived, will be captured (unlike polling, which can miss short-lived processes that start and end between polling intervals).
What I require for HP/UX 10.20 and up is the ability to instrument the kernel in order to get notifications of fork()'s and exec()'s. There is only one API call in this interface: ki_call(long, ...). Does anyone have source code that I can use to satisfy my request?
Thank you,
Marshall Saidel msaidel@isogon.com