Monitoring class for process data collection #5747

jseg380 · 2024-09-18T13:43:03Z

Description

This PR includes the development done to implement Monitoring class for process data collection, as well as the documentation related to its use.

Related to wazuh/wazuh#24683

Added Bytes (B) as unit of disk usage tracking. Removed optional type of parameter in method _get_partition_for_path.

rafabailon

Great Job! I've tested the code and it seems to work correctly. I've left a few comments, mostly about styles.

deps/wazuh_testing/wazuh_testing/process_resource_monitoring/README.md

...esting/wazuh_testing/process_resource_monitoring/src/process_resource_monitoring/__init__.py

...uh_testing/process_resource_monitoring/src/process_resource_monitoring/disk_usage_tracker.py

...testing/wazuh_testing/process_resource_monitoring/src/process_resource_monitoring/monitor.py

deps/wazuh_testing/wazuh_testing/process_resource_monitoring/src/wazuh_metrics.py

Rebits

Great Job!

Some minor changes are requested.

Remember that some unitary tests are mandatory for new development

...uh_testing/process_resource_monitoring/src/process_resource_monitoring/disk_usage_tracker.py

deps/wazuh_testing/wazuh_testing/process_resource_monitoring/README.md

deps/wazuh_testing/wazuh_testing/process_resource_monitoring/src/wazuh_metrics.py

deps/wazuh_testing/wazuh_testing/process_resource_monitoring/README.md

Removed specific references of Wazuh installation to make it more generic. Changed format of numbers in CSV to have 3 decimal values. Modified the percentage of the disk to be in [0.0, 100.0] instead of [0.0, 1.0]

Rebits · 2024-09-27T08:39:23Z

During the final review, several issues were detected regarding the current approach

Not handling of exception

Subprocess is killed during the monitoring

During the monitoring of a multiprocess program, it appears that failures

Traceback (most recent call last):
  File "/home/rebits/Wazuh/monitor/lib/python3.10/site-packages/psutil/_pslinux.py", line 1717, in wrapper
    return fun(self, *args, **kwargs)
  File "/home/rebits/Wazuh/monitor/lib/python3.10/site-packages/psutil/_common.py", line 508, in wrapper
    raise raise_from(err, None)
  File "<string>", line 3, in raise_from
  File "/home/rebits/Wazuh/monitor/lib/python3.10/site-packages/psutil/_common.py", line 506, in wrapper
    return fun(self)
  File "/home/rebits/Wazuh/monitor/lib/python3.10/site-packages/psutil/_pslinux.py", line 1780, in _parse_stat_file
    data = bcat("%s/%s/stat" % (self._procfs_path, self.pid))
  File "/home/rebits/Wazuh/monitor/lib/python3.10/site-packages/psutil/_common.py", line 851, in bcat
    return cat(fname, fallback=fallback, _open=open_binary)
  File "/home/rebits/Wazuh/monitor/lib/python3.10/site-packages/psutil/_common.py", line 839, in cat
    with _open(fname) as f:
  File "/home/rebits/Wazuh/monitor/lib/python3.10/site-packages/psutil/_common.py", line 799, in open_binary
    return open(fname, "rb", buffering=FILE_READ_BUFFER_SIZE)
FileNotFoundError: [Errno 2] No such file or directory: '/proc/42457/stat'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/rebits/Wazuh/monitor/lib/python3.10/site-packages/psutil/__init__.py", line 355, in _init
    self.create_time()
  File "/home/rebits/Wazuh/monitor/lib/python3.10/site-packages/psutil/__init__.py", line 757, in create_time
    self._create_time = self._proc.create_time()
  File "/home/rebits/Wazuh/monitor/lib/python3.10/site-packages/psutil/_pslinux.py", line 1717, in wrapper
    return fun(self, *args, **kwargs)
  File "/home/rebits/Wazuh/monitor/lib/python3.10/site-packages/psutil/_pslinux.py", line 1948, in create_time
    ctime = float(self._parse_stat_file()['create_time'])
  File "/home/rebits/Wazuh/monitor/lib/python3.10/site-packages/psutil/_pslinux.py", line 1726, in wrapper
    raise NoSuchProcess(self.pid, self._name)
psutil.NoSuchProcess: process no longer exists (pid=42457)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/rebits/Wazuh/monitor/lib/python3.10/site-packages/process_resource_monitoring/monitor.py", line 244, in set_process
    self._proc = psutil.Process(self._pid)
  File "/home/rebits/Wazuh/monitor/lib/python3.10/site-packages/psutil/__init__.py", line 319, in __init__
    self._init(pid)
  File "/home/rebits/Wazuh/monitor/lib/python3.10/site-packages/psutil/__init__.py", line 368, in _init
    raise NoSuchProcess(pid, msg=msg)
psutil.NoSuchProcess: process PID not found (pid=42457)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/rebits/Wazuh/monitor/bin/wazuh-process-metrics", line 8, in <module>
    sys.exit(main())
  File "/home/rebits/Wazuh/monitor/lib/python3.10/site-packages/wazuh_process_metrics.py", line 309, in main
    monitors_healthcheck(options, process_list)
  File "/home/rebits/Wazuh/monitor/lib/python3.10/site-packages/wazuh_process_metrics.py", line 221, in monitors_healthcheck
    if check_monitors_health(options):
  File "/home/rebits/Wazuh/monitor/lib/python3.10/site-packages/wazuh_process_metrics.py", line 193, in check_monitors_health
    monitor = Monitor(
  File "/home/rebits/Wazuh/monitor/lib/python3.10/site-packages/process_resource_monitoring/monitor.py", line 100, in __init__
    self.set_process()
  File "/home/rebits/Wazuh/monitor/lib/python3.10/site-packages/process_resource_monitoring/monitor.py", line 246, in set_process
    raise ValueError(f'The process {self._process_name} is not running.') from err
ValueError: The process wazuh_apid.py_child_1 is not running.

The tool should be capable of handling this

The presence of zombie process makes the tool fail

If a zombie process is present in the system, the whole monitoring fails:

Traceback (most recent call last):
  File "/home/rebits/Wazuh/monitor/bin/wazuh-process-metrics", line 8, in <module>
    sys.exit(main())
  File "/home/rebits/Wazuh/monitor/lib/python3.10/site-packages/wazuh_process_metrics.py", line 288, in main
    process_pids = Monitor.get_process_pids(process)
  File "/home/rebits/Wazuh/monitor/lib/python3.10/site-packages/process_resource_monitoring/monitor.py", line 118, in get_process_pids
    if any(filter(lambda x: f'{process_name}' in x, proc.cmdline())):
  File "/home/rebits/Wazuh/monitor/lib/python3.10/site-packages/psutil/__init__.py", line 724, in cmdline
    return self._proc.cmdline()
  File "/home/rebits/Wazuh/monitor/lib/python3.10/site-packages/psutil/_pslinux.py", line 1717, in wrapper
    return fun(self, *args, **kwargs)
  File "/home/rebits/Wazuh/monitor/lib/python3.10/site-packages/psutil/_pslinux.py", line 1856, in cmdline
    self._raise_if_zombie()
  File "/home/rebits/Wazuh/monitor/lib/python3.10/site-packages/psutil/_pslinux.py", line 1761, in _raise_if_zombie
    raise ZombieProcess(self.pid, self._name, self._ppid)

Logging

Tool logging does not differ, contrary to the CSV data, from different iterations of the tool. This should be included in the same directory as the CSV data

Reports

Obtained reports are included in a difficult-to-read time-date format
Several CSVs are created using the same process. Even the child process should be included in the same CSV, otherwise, it would be really hard to handle this data

➜  Desktop tree -l  /tmp/process_metrics
/tmp/process_metrics
├── 27-09-2024
│   ├── 1727423503
│   │   ├── wazuh_apid_29459.csv
│   │   ├── wazuh_apid_39133.csv
│   │   ├── wazuh_apid_39134.csv
│   │   ├── wazuh_apid_39135.csv
│   │   ├── wazuh_apid_39136.csv
│   │   ├── wazuh_apid_39137.csv
│   │   ├── wazuh_apid_39242.csv
│   │   ├── wazuh_apid_39243.csv
│   │   ├── wazuh_apid_child_1.csv
│   │   ├── wazuh_apid_child_2.csv
│   │   ├── wazuh_apid_child_3.csv
│   │   ├── wazuh_apid_child_4.csv
│   │   ├── wazuh_apid_child_5.csv
│   │   └── wazuh_apid.csv
│   └── 1727425589
│       ├── wazuh_apid_29459.csv
│       ├── wazuh_apid_42457.csv
│       ├── wazuh_apid_42458.csv
│       ├── wazuh_apid_42459.csv
│       ├── wazuh_apid_42460.csv
│       ├── wazuh_apid_42461.csv
│       ├── wazuh_apid_42488.csv
│       ├── wazuh_apid_42489.csv
│       ├── wazuh_apid_child_1.csv
│       ├── wazuh_apid_child_2.csv
│       ├── wazuh_apid_child_3.csv
│       ├── wazuh_apid_child_4.csv
│       ├── wazuh_apid_child_5.csv
│       └── wazuh_apid.csv
└── wazuh-resource-metrics.log

jseg380 and others added 2 commits September 18, 2024 15:33

Initial upload

4bc0e8f

style: remove comment

bf81d03

jseg380 self-assigned this Sep 18, 2024

jseg380 added 4 commits September 18, 2024 16:04

fix: replaced dot characters from reports

b480d68

refactor: delete unnecessary tests

6b0fd7a

style: removed unnecessary quotes and tmp file

fc57128

fix: added specific folder for files CSV

16139b9

Added Bytes (B) as unit of disk usage tracking. Removed optional type of parameter in method _get_partition_for_path.

jseg380 mentioned this pull request Sep 18, 2024

Benchmarking tests: Monitoring class for process data collection wazuh/wazuh#24683

Closed

5 tasks

jseg380 marked this pull request as ready for review September 18, 2024 16:56

jseg380 linked an issue Sep 18, 2024 that may be closed by this pull request

Benchmarking tests: Monitoring class for process data collection wazuh/wazuh#24683

Closed

5 tasks

change: removed linter references

62109a2

rafabailon requested changes Sep 20, 2024

View reviewed changes

jseg380 added 3 commits September 20, 2024 18:50

fix: changed python to python3 in README

49d6acc

style: added missing blank lines

42bdbf6

fix: fixed returns values in docstrings

888fbfb

Rebits requested changes Sep 23, 2024

View reviewed changes

deps/wazuh_testing/wazuh_testing/process_resource_monitoring/README.md Outdated Show resolved Hide resolved

jseg380 added 12 commits September 24, 2024 12:26

docs: added missing public methods

7349859

style: removed explicit Wazuh references

8085b99

Removed specific references of Wazuh installation to make it more generic. Changed format of numbers in CSV to have 3 decimal values. Modified the percentage of the disk to be in [0.0, 100.0] instead of [0.0, 1.0]

docs: do not use abbreviations

6276561

refactor: removed unused variables

4cd8468

fix: set invalid values to detect failure

a189666

feat: splitted script into separate scripts

24dc635

docs: splitted script into separate scripts

2b839d3

docs: fixed invalid md reference

ac8d15f

change: remove unnecessary instance attribute

ed36ad4

feat: track processes that spawn post-startup

067d45b

fix: uncaught ValueError caused early finish

c957294

docs: fixed docstrings and type hinting

d4c2d44

Rebits approved these changes Sep 27, 2024

View reviewed changes

Rebits merged commit 18dd570 into enhacement/24586-benchmark-tests Sep 27, 2024

Rebits deleted the enhancement/24683-process-resource-monitoring branch September 27, 2024 09:36

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Monitoring class for process data collection #5747

Monitoring class for process data collection #5747

jseg380 commented Sep 18, 2024

rafabailon left a comment

Rebits left a comment

Rebits commented Sep 27, 2024

Monitoring class for process data collection #5747

Monitoring class for process data collection #5747

Conversation

jseg380 commented Sep 18, 2024

Description

rafabailon left a comment

Choose a reason for hiding this comment

Rebits left a comment

Choose a reason for hiding this comment

Rebits commented Sep 27, 2024

Not handling of exception

Subprocess is killed during the monitoring

The presence of zombie process makes the tool fail

Logging

Reports