-2

I have a situation in which I need to monitor processes starting. I have found lots of ways to see what processes are running at any given moment (e.g. by polling), but sometimes processes start and end between polling intervals.

I need to know every process that ever starts (even if it's not running anymore - essentially, some way of logging every "start process"); best of all, I need a way to do it on both a Windows machine, and a way to do it on a Linux box.

Moschops
  • ***WHY?*** -- What specific, practical problem are you trying to solve? – voretaq7 Dec 09 '13 at 18:12
  • The specific practical application was to observe software being built and identify every source file (and some associated settings), by seeing the compiler being called and taking the compilation information from the process command line. – Moschops Dec 01 '14 at 20:09

1 Answer

1

The two platforms' process models are so different that a unified tool for them doesn't seem possible. There are several dozen commercial Windows tools for this, most of which ultimately run off of the performance counter system, which you could just use directly.

In the Linux world, you can do this if BSD Process Accounting is enabled in your kernel; the userland tool I see most often for this is auditd, from Red Hat.

Bandrami
  • Unified way not needed; as stated, I need a way to do it on a Windows machine, and a way to do it on a Linux machine. – Moschops Dec 01 '14 at 20:09
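
For the Linux side, an added example (not part of the original answer, and not auditd's own code): a parser that pairs auditd's SYSCALL and EXECVE records by event id to recover every process start with its full command line, including processes that exit between polls. The log lines are constructed samples, and the `proc_start` key and the audit rule shown in the comment are assumptions.

```python
import re

# Constructed sample records in auditd's log format (not from the original page).
# Assumes an execve audit rule is loaded, for example:
#   auditctl -a always,exit -F arch=b64 -S execve -k proc_start
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1386612345.123:456): arch=c000003e syscall=59 success=yes exit=0 ppid=2100 pid=2101 uid=1000 comm="gcc" exe="/usr/bin/gcc" key="proc_start"
type=EXECVE msg=audit(1386612345.123:456): argc=4 a0="gcc" a1="-c" a2="-DNAME=x" a3=6D79206D61696E2E63
type=SYSCALL msg=audit(1386612345.200:457): arch=c000003e syscall=59 success=yes exit=0 ppid=2101 pid=2102 uid=1000 comm="cc1" exe="/usr/lib/gcc/cc1" key="proc_start"
type=EXECVE msg=audit(1386612345.200:457): argc=2 a0="cc1" a1="-quiet"
'''

EVENT_ID = re.compile(r'msg=audit\((\d+\.\d+):(\d+)\)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode(value):
    """auditd quotes plain strings and hex-encodes ones with spaces or control bytes."""
    if value.startswith('"'):
        return value[1:-1]
    try:
        return bytes.fromhex(value).decode('utf-8', 'replace')
    except ValueError:
        return value  # e.g. (null), which is neither quoted nor hex

def process_starts(log_text):
    """Join SYSCALL and EXECVE records by event id; return one dict per exec."""
    events = {}
    for line in log_text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue
        fields = dict(FIELD.findall(line[m.end():]))
        ev = events.setdefault(m.group(0), {'time': float(m.group(1))})
        if line.startswith('type=SYSCALL'):
            ev['pid'], ev['ppid'] = int(fields['pid']), int(fields['ppid'])
            ev['exe'] = decode(fields['exe'])
        elif line.startswith('type=EXECVE'):
            argc = int(fields['argc'])
            ev['argv'] = [decode(fields.get(f'a{i}', '')) for i in range(argc)]
    # Keep only events where both halves were seen, in log order.
    return [ev for ev in events.values() if 'pid' in ev and 'argv' in ev]

if __name__ == '__main__':
    for ev in process_starts(SAMPLE_LOG):
        print(ev['time'], ev['pid'], ev['ppid'], ev['exe'], ev['argv'])
```

The hex-encoded `a3` in the sample decodes to a file name containing a space, which is the case that breaks naive whitespace splitting of these records.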