Installs atop on a host and configures it to log process metrics (at a 60s granularity, by default).
This enables investigation of historical process behavior in the case of unexpectedly high CPU or memory usage, which can be useful if players manage to exploit a challenge or escape from a container.
To view logged metrics in atop, specify a log file using the -r flag:
$ atop -r /var/log/atop/atop_YYYYMMDDthen use the t and T commands to step forwards and backwards in time. See atop --help for a
listing of additional flags to modify the output. Some flags which may be particularly useful are:
-cto include command line information for each process-vto view parent process IDs and other ID info (mutually exclusive with-c)-mto replace CPU usage % with memory usage %-Cto sort by CPU usage (the default, unless-mis provided)-Mto sort by memory usage
| Name | Description | Default |
|---|---|---|
log_interval_secs |
How frequently atop should log the system state (in seconds) | 60 |
log_retention_days |
How long logs should be stored (in days) | 28 |
upgrade |
Whether to upgrade atop if already installed | false |