c++ linux monitor processes for sigsegv

Question

I want to write a c++ program for linux which monitors all processes running and write to a log file when any of those processes crashes due to sigsegv.

Is it possible to do this and if so what should I learn in order to implement it in c++?

Answer 1

Trying to monitor all processes on the system would be onerous. If you are interested in SIGSEGV specifically, you might want to consider installing yourself as core dump handler instead. It will not catch processes that have asked to have core dumps disabled ( ulimit -c 0 ), but you will get all others.

echo "|usr/local/sbin/crashcollector" >/proc/sys/kernel/core_pattern

Now /usr/local/sbin/crashcollector will be called with the core dump on its standard input every time a process crashes. This program can do whatever it wants, such as save the core dump and/or notify something else.

Answer 2

I expect you are going to catch all processes crash event. Using ptrace is an approach, but it is very complex, you need to trace all processes and attach to new processes created later, also you'll hit performance penalty.

You can catch all processes crash event by hook coredump :

echo "|yourcoredumphook" > /proc/sys/kernel/core_pattern

this will enable coredump hook, when a process terminated, yourcoredumphook will be started as root with coredump sent through stdin, so you can figure out which process terminated by analysis the coredump

Answer 3

You probably want to use ptrace for this. Take a look at this question: how to intercept linux signals ? (in C)

I imagine doing this for all processes would require a re-implementation of init, or perhaps a system that monitors the sys directory to call ptrace for each process.