  Sysdig: system troubleshooting tool
     
  Add Date : 2017-04-13      
         
         
         
Sysdig listens at the operating-system level and captures system calls and other system events, which makes it look very much like a system-oriented tcpdump or Wireshark. If you need to investigate abnormal system behavior or failures, Sysdig is a handy tool for the job.

On Linux, Sysdig can be installed with the following command:

curl -s https://s3.amazonaws.com/download.draios.com/stable/install-sysdig | sudo bash

This installs Sysdig on rpm- or deb-based Linux systems.

Capturing system activity

Capture in real time and print the results to standard output:

sysdig

Save the capture to the file system.scap for later analysis:

sysdig -w system.scap

Capture only 200 events and save them to the file:

sysdig -n 200 -w system.scap

Read the captured file:

sysdig -r system.scap

Interpreting the capture output

(1) (2) (3) (4) (5) (6) (7) (8)
1 10:54:50.462463956 0 sysdig (29043) > sysdigevent event_type=1 event_data=0
2 10:54:50.462603110 0 sysdig (29043) > sysdigevent event_type=1 event_data=0
3 10:54:50.462729565 0 sysdig (29043) > sysdigevent event_type=1 event_data=0
4 10:54:50.462859521 0 sysdig (29043) > sysdigevent event_type=1 event_data=0
5 10:54:50.463206317 0 sysdig (29043) > switch next=0 pgft_maj=0 pgft_min=1790 vm_size=35748 vm_rss=7164 vm_swap=0
6 10:54:50.464246835 0 <NA> (0) > switch next=7 pgft_maj=0 pgft_min=0 vm_size=0 vm_rss=0 vm_swap=0
7 10:54:50.464249707 2 <NA> (0) > switch next=8374 pgft_maj=0 pgft_min=0 vm_size=0 vm_rss=0 vm_swap=0
8 10:54:50.464255940 0 <NA> (7) > switch next=0 pgft_maj=0 pgft_min=0 vm_size=0 vm_rss=0 vm_swap=0
9 10:54:50.464264256 2 <NA> (8374) > switch next=0 pgft_maj=0 pgft_min=0 vm_size=0 vm_rss=0 vm_swap=0
10 10:54:50.464358113 2 <NA> (0) > switch next=854(mlnet) pgft_maj=0 pgft_min=0 vm_size=0 vm_rss=0 vm_swap=0
11 10:54:50.464370099 2 mlnet (854) < poll res=0 fds=
12 10:54:50.464378193 2 mlnet (854) > poll fds= timeout=5
13 10:54:50.464385400 2 mlnet (854) > switch next=0 pgft_maj=216 pgft_min=3386 vm_size=162608 vm_rss=12196 vm_swap=2716
14 10:54:50.464950541 0 <NA> (0) > switch next=1105(memcached) pgft_maj=0 pgft_min=0 vm_size=0 vm_rss=0 vm_swap=0
15 10:54:50.464954692 0 memcached (1105) < epoll_wait res=0
16 10:54:50.464976007 0 memcached (1105) > epoll_wait maxevents=32
17 10:54:50.464984030 0 memcached (1105) > switch next=0 pgft_maj=3 pgft_min=247 vm_size=327412 vm_rss=1860 vm_swap=468
18 10:54:50.465256687 2 <NA> (0) > switch next=2181(plugin-containe) pgft_maj=0 pgft_min=0 vm_size=0 vm_rss=0 vm_swap=0
19 10:54:50.465261465 2 plugin-containe (2181) < poll res=0 fds=
20 10:54:50.465297692 2 plugin-containe (2181) > getrlimit resource=3(RLIMIT_STACK)

The output captured by Sysdig is shown above. The meaning of each column is as follows:

(1) Event number
(2) Timestamp
(3) CPU ID
(4) Process name
(5) Thread ID
(6) Event direction: > for an enter event, < for an exit event
(7) Event type, such as open, read, etc.
(8) Event parameter list

Filtering the capture results

By default, Sysdig captures a great deal of information, so finding the part we are interested in requires grep-like filtering.

Filter by a field of a category:

sysdig -r system.scap proc.name=sysdig

This command keeps only the events of the process named sysdig. The result is:

1 10:54:50.462463956 0 sysdig (29043) > sysdigevent event_type=1 event_data=0
2 10:54:50.462603110 0 sysdig (29043) > sysdigevent event_type=1 event_data=0
3 10:54:50.462729565 0 sysdig (29043) > sysdigevent event_type=1 event_data=0
4 10:54:50.462859521 0 sysdig (29043) > sysdigevent event_type=1 event_data=0
5 10:54:50.463206317 0 sysdig (29043) > switch next=0 pgft_maj=0 pgft_min=1790 vm_size=35748 vm_rss=7164 vm_swap=0

Sysdig offers field categories including fd, process, evt, user, group and syslog, among others; they can be listed with sysdig -l.

In addition to =, Sysdig filter expressions also support !=, <, <=, >, >=, contains and other operators.

You can also use the Boolean operators and, or and not. For example:

sysdig -r system.scap proc.name=sysdig and evt.type=switch
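
The column layout and the proc.name / evt.type filter described above, as an added example that is not part of the original page: a small Python parser that splits each default-format line into the eight columns and then selects events the way proc.name=sysdig and evt.type=switch does. The helper names (parse_line, select) are made up for this example, the sample lines are taken from the capture shown above in the spacing sysdig itself prints, and argument values containing spaces are not handled.

```python
import re
from typing import NamedTuple, Optional

# Default line: evt.num evt.time evt.cpu proc.name (thread.tid) evt.dir evt.type evt.args
LINE_RE = re.compile(
    r"^(?P<num>\d+) (?P<time>\d{2}:\d{2}:\d{2}\.\d{9}) (?P<cpu>\d+) "
    r"(?P<proc>.+?) \((?P<tid>\d+)\) (?P<dir>[<>]) (?P<type>\S+)(?: (?P<args>.*))?$"
)

class Event(NamedTuple):
    num: int          # (1) event number
    time: str         # (2) timestamp
    cpu: int          # (3) CPU ID
    proc_name: str    # (4) process name, "<NA>" when unknown
    tid: int          # (5) thread ID
    direction: str    # (6) ">" enter, "<" exit
    evt_type: str     # (7) event type
    args: dict        # (8) event parameters

def parse_args(raw: str) -> dict:
    """Split 'k=v k=v' parameters; an empty value (e.g. 'fds=') is kept as ''."""
    out = {}
    for token in raw.split():
        key, sep, value = token.partition("=")
        if sep:
            out[key] = value
    return out

def parse_line(line: str) -> Optional[Event]:
    m = LINE_RE.match(line.strip())
    if m is None:
        return None  # not an event line (table header, truncated output, ...)
    return Event(int(m["num"]), m["time"], int(m["cpu"]), m["proc"],
                 int(m["tid"]), m["dir"], m["type"], parse_args(m["args"] or ""))

def select(events, proc_name=None, evt_type=None):
    """Equivalent of the filter 'proc.name=X and evt.type=Y' on parsed events."""
    return [e for e in events
            if (proc_name is None or e.proc_name == proc_name)
            and (evt_type is None or e.evt_type == evt_type)]

# Sample lines taken from the capture shown on this page.
SAMPLE = """\
5 10:54:50.463206317 0 sysdig (29043) > switch next=0 pgft_maj=0 pgft_min=1790 vm_size=35748 vm_rss=7164 vm_swap=0
6 10:54:50.464246835 0 <NA> (0) > switch next=7 pgft_maj=0 pgft_min=0 vm_size=0 vm_rss=0 vm_swap=0
11 10:54:50.464370099 2 mlnet (854) < poll res=0 fds=
"""

EVENTS = [e for e in map(parse_line, SAMPLE.splitlines()) if e]
```
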
Chisels

In Sysdig, chisels are scripts written in Lua that can be used to extend Sysdig's filtering.

For example, to see which processes read and write disk files the most, use the topprocs_file chisel:

sysdig -c topprocs_file

Results:

Bytes Process
------------------------------
448.36KB mozStorage
220.38KB perl
1.69KB tmux
1.62KB sh
1.59KB Xorg
1.30KB urxvtd

More chisels can be listed with sysdig -cl. Of course, if you are familiar with Lua, you can also write your own chisels.
     
         
         
         