# 利用Metricbeat追蹤Zombie process [toc] > {%hackmd BJrTq20hE %} > 官網資訊 : [https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-module-system.html](https://) ## **參考官網修改metricbeat的module** ```yaml= metricbeat.modules: - module: system metricsets: - cpu # CPU usage - load # CPU load averages - memory # Memory usage - network # Network IO - process # Per process metrics - process_summary # Process summary //此為追蹤Zombie之必須功能 - uptime # System Uptime - socket_summary # Socket summary #- core # Per CPU core usage #- diskio # Disk IO #- filesystem # File system usage for each mountpoint #- fsstat # File system summary metrics #- raid # Raid #- socket # Sockets and connection info (linux only) #- service # systemd service information enabled: true period: 10s processes: ['.*'] # Configure the mount point of the host’s filesystem for use in monitoring a host from within a container #system.hostfs: "/hostfs" # Configure the metric types that are included by these metricsets. cpu.metrics: ["percentages","normalized_percentages"] # The other available option is ticks. core.metrics: ["percentages"] # The other available option is ticks. ``` ## **安裝Development Tools於linux** `yum -y group install "Development Tools"` ## **創建 Zombie 程式** 檔名: zombie.cpp ```cpp= #include <stdlib.h> #include <sys/types.h> #include <unistd.h> int main () { pid_t child_pid; child_pid = fork (); if (child_pid > 0) { sleep (300); //父程序sleep 300秒，時間結束後zombie process將自行刪除 } else { exit (0); } return 0; } ``` ### **執行zombie程式** ``` gcc zom.cpp ./a.out ``` ### **於kibana上追蹤zombie** ``` 1.搜尋 "process_summary" 2.可看到system.process.summary.zombie =1 3.該log即為zombie process存在的資訊 ``` ###### tags: `Other` Edit by Mario 2021/7/8