-
Notifications
You must be signed in to change notification settings - Fork 165
/
process.yaml
158 lines (157 loc) · 5.63 KB
/
process.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
groups:
- id: registry.process
prefix: process
type: resource
brief: >
An operating system process.
attributes:
- id: pid
type: int
brief: >
Process identifier (PID).
examples: [1234]
- id: parent_pid
type: int
brief: >
Parent Process identifier (PPID).
examples: [111]
- id: vpid
type: int
brief: >
Virtual process identifier.
note: >
The process ID within a PID namespace. This is not necessarily unique
across all processes on the host but it is unique within the process
namespace that the process exists within.
examples: [12]
- id: session_leader.pid
type: int
brief: >
The PID of the process's session leader. This is also the session ID
(SID) of the process.
examples: [14]
- id: group_leader.pid
type: int
brief: >
The PID of the process's group leader. This is also the process group
ID (PGID) of the process.
examples: [23]
- id: executable.name
type: string
brief: >
The name of the process executable. On Linux based systems, can be set
to the `Name` in `proc/[pid]/status`. On Windows, can be set to the
base name of `GetProcessImageFileNameW`.
examples: ['otelcol']
- id: executable.path
type: string
brief: >
The full path to the process executable. On Linux based systems, can
be set to the target of `proc/[pid]/exe`. On Windows, can be set to the
result of `GetProcessImageFileNameW`.
examples: ['/usr/bin/cmd/otelcol']
- id: command
type: string
brief: >
The command used to launch the process (i.e. the command name). On Linux
based systems, can be set to the zeroth string in `proc/[pid]/cmdline`.
On Windows, can be set to the first parameter extracted from `GetCommandLineW`.
examples: ['cmd/otelcol']
- id: command_line
type: string
brief: >
The full command used to launch the process as a single string representing
the full command. On Windows, can be set to the result of `GetCommandLineW`.
Do not set this if you have to assemble it just for monitoring; use
`process.command_args` instead.
examples: ['C:\cmd\otecol --config="my directory\config.yaml"']
- id: command_args
type: string[]
brief: >
All the command arguments (including the command/executable itself) as
received by the process. On Linux-based systems (and some other Unixoid
systems supporting procfs), can be set according to the list of
null-delimited strings extracted from `proc/[pid]/cmdline`. For libc-based
executables, this would be the full argv vector passed to `main`.
examples: ['cmd/otecol', '--config=config.yaml']
- id: env_vars
type: string[]
brief: >
Array of environment variable bindings.
note: >
As environment variables may change during a process's lifespan, this SHOULD be
captured as a snapshot when the event occurred.
This SHOULD be filtered to protect sensitive information.
examples: ['PATH=/usr/local/bin;/usr/bin', 'USER=ubuntu']
- id: owner
type: string
brief: >
The username of the user that owns the process.
examples: ['root']
- id: user.id
type: int
brief: >
The effective user ID (EUID) of the process.
examples: [1001]
- id: user.name
type: string
brief: >
The username of the effective user of the process.
examples: ['root']
- id: real_user.id
type: int
brief: >
The real user ID (RUID) of the process.
examples: [1000]
- id: real_user.name
type: string
brief: >
The username of the real user of the process.
examples: ['operator']
- id: saved_user.id
type: int
brief: >
The saved user ID (SUID) of the process.
examples: [1002]
- id: saved_user.name
type: string
brief: >
The username of the saved user.
examples: ['operator']
- id: runtime.name
type: string
brief: >
The name of the runtime of this process. For compiled native binaries,
this SHOULD be the name of the compiler.
examples: ['OpenJDK Runtime Environment']
- id: runtime.version
type: string
brief: >
The version of the runtime of this process, as returned by the runtime
without modification.
examples: '14.0.2'
- id: runtime.description
type: string
brief: >
An additional description about the runtime of the process, for example
a specific vendor customization of the runtime environment.
examples: 'Eclipse OpenJ9 Eclipse OpenJ9 VM openj9-0.21.0'
- id: start
type: string
brief: >
The date and time the process started, in ISO 8601 format.
examples: ['2023-11-21T09:25:34.853Z']
- id: end
type: string
brief: >
The date and time the process ended, in ISO 8601 format.
examples: ['2023-11-21T09:26:12.315Z']
- id: exit_code
type: int
brief: >
The exit code of the process.
examples: [127]
- id: interactive
type: boolean
brief: >
Whether the process is connected to an interactive shell.