  Sysdig: system troubleshooting tool
     
  Add Date : 2017-04-13      
         
       
         
  Sysdig listens at the operating-system level and captures system calls and other system events, which makes it look very much like a system-oriented tcpdump or Wireshark. If you need to investigate abnormal system behaviour or failures, Sysdig is a handy weapon.

On Linux, Sysdig can be installed with the following command:

curl -s https://s3.amazonaws.com/download.draios.com/stable/install-sysdig | sudo bash

This installs Sysdig on rpm- or deb-based Linux systems.

Capturing system activity

Capture in real time and print the results to standard output:

sysdig

Save the capture to the file system.scap for later analysis:

sysdig -w system.scap

Capture only 200 events and save them to the file:

sysdig -n 200 -w system.scap

Read a capture file:

sysdig -r system.scap

Interpreting the capture results

(1) (2) (3) (4) (5) (6) (7) (8)
1 10:54:50.462463956 0 sysdig (29043) > sysdigevent event_type=1 event_data=0
2 10:54:50.462603110 0 sysdig (29043) > sysdigevent event_type=1 event_data=0
3 10:54:50.462729565 0 sysdig (29043) > sysdigevent event_type=1 event_data=0
4 10:54:50.462859521 0 sysdig (29043) > sysdigevent event_type=1 event_data=0
5 10:54:50.463206317 0 sysdig (29043) > switch next=0 pgft_maj=0 pgft_min=1790 vm_size=35748 vm_rss=7164 vm_swap=0
6 10:54:50.464246835 0 <NA> (0) > switch next=7 pgft_maj=0 pgft_min=0 vm_size=0 vm_rss=0 vm_swap=0
7 10:54:50.464249707 2 <NA> (0) > switch next=8374 pgft_maj=0 pgft_min=0 vm_size=0 vm_rss=0 vm_swap=0
8 10:54:50.464255940 0 <NA> (7) > switch next=0 pgft_maj=0 pgft_min=0 vm_size=0 vm_rss=0 vm_swap=0
9 10:54:50.464264256 2 <NA> (8374) > switch next=0 pgft_maj=0 pgft_min=0 vm_size=0 vm_rss=0 vm_swap=0
10 10:54:50.464358113 2 <NA> (0) > switch next=854(mlnet) pgft_maj=0 pgft_min=0 vm_size=0 vm_rss=0 vm_swap=0
11 10:54:50.464370099 2 mlnet (854) < poll res=0 fds=
12 10:54:50.464378193 2 mlnet (854) > poll fds= timeout=5
13 10:54:50.464385400 2 mlnet (854) > switch next=0 pgft_maj=216 pgft_min=3386 vm_size=162608 vm_rss=12196 vm_swap=2716
14 10:54:50.464950541 0 <NA> (0) > switch next=1105(memcached) pgft_maj=0 pgft_min=0 vm_size=0 vm_rss=0 vm_swap=0
15 10:54:50.464954692 0 memcached (1105) < epoll_wait res=0
16 10:54:50.464976007 0 memcached (1105) > epoll_wait maxevents=32
17 10:54:50.464984030 0 memcached (1105) > switch next=0 pgft_maj=3 pgft_min=247 vm_size=327412 vm_rss=1860 vm_swap=468
18 10:54:50.465256687 2 <NA> (0) > switch next=2181(plugin-containe) pgft_maj=0 pgft_min=0 vm_size=0 vm_rss=0 vm_swap=0
19 10:54:50.465261465 2 plugin-containe (2181) < poll res=0 fds=
20 10:54:50.465297692 2 plugin-containe (2181) > getrlimit resource=3(RLIMIT_STACK)

Sysdig's capture output is shown above. The columns have the following meanings:

(1) Event number
(2) Timestamp
(3) CPU ID
(4) Process name
(5) Thread ID
(6) Event direction: > for an enter event, < for an exit event
(7) Event type, such as open, read, etc.
(8) Event parameter list

Filtering capture results

By default, Sysdig captures a great deal of information, so finding the events we are interested in requires grep-like filtering.

Filter on a category field:

sysdig -r system.scap proc.name=sysdig

This command filters for the events of the process named sysdig. The result is:

1 10:54:50.462463956 0 sysdig (29043) > sysdigevent event_type=1 event_data=0
2 10:54:50.462603110 0 sysdig (29043) > sysdigevent event_type=1 event_data=0
3 10:54:50.462729565 0 sysdig (29043) > sysdigevent event_type=1 event_data=0
4 10:54:50.462859521 0 sysdig (29043) > sysdigevent event_type=1 event_data=0
5 10:54:50.463206317 0 sysdig (29043) > switch next=0 pgft_maj=0 pgft_min=1790 vm_size=35748 vm_rss=7164 vm_swap=0

Sysdig provides fields in categories such as fd, process, evt, user, group and syslog; the full list can be viewed with sysdig -l.

Besides =, Sysdig filter expressions also support !=, <, <=, >, >=, contains and other operators.

You can also use Boolean operators such as and, or and not. For example:

sysdig -r system.scap proc.name=sysdig and evt.type=switch
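
The column layout described under the capture results and the filter just shown can both be reproduced on saved text output. The following Python sketch is an added example, not part of the original article or of Sysdig itself: it parses lines in the default eight-column format and applies the same proc.name / evt.type test. The sample lines are constructed from the capture shown earlier, and the names parse_line, parse, select and top_event_types are hypothetical.

```python
import re
from collections import Counter

# Default columns: number, time, CPU, process name, (thread ID), direction, type, args.
LINE_RE = re.compile(
    r"^(?P<num>\d+) (?P<time>\d\d:\d\d:\d\d\.\d{9}) (?P<cpu>\d+) "
    r"(?P<proc>.+?) \((?P<tid>\d+)\) (?P<dir>[<>]) (?P<type>\S+) ?(?P<args>.*)$"
)
# Sysdig filter field names mapped to parsed columns (subset chosen for this example).
FIELDS = {"evt.num": "num", "evt.cpu": "cpu", "proc.name": "proc",
          "thread.tid": "tid", "evt.dir": "dir", "evt.type": "type"}

# Constructed sample in the default format, modelled on the capture shown earlier.
SAMPLE = """\
4 10:54:50.462859521 0 sysdig (29043) > sysdigevent event_type=1 event_data=0
5 10:54:50.463206317 0 sysdig (29043) > switch next=0 pgft_maj=0 pgft_min=1790 vm_size=35748 vm_rss=7164 vm_swap=0
10 10:54:50.464358113 2 <NA> (0) > switch next=854(mlnet) pgft_maj=0 pgft_min=0 vm_size=0 vm_rss=0 vm_swap=0
11 10:54:50.464370099 2 mlnet (854) < poll res=0 fds=
12 10:54:50.464378193 2 mlnet (854) > poll fds= timeout=5
this line is not a sysdig event
"""

def parse_line(line):
    """Return one event as a dict, or None if the line is not an event."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ev = m.groupdict()
    for key in ("num", "cpu", "tid"):
        ev[key] = int(ev[key])
    # name=value pairs; a value may be empty (fds=). Values with spaces are cut short.
    ev["args"] = dict(re.findall(r"(\w+)=(\S*)", ev["args"]))
    return ev

def parse(text):
    return [ev for ev in map(parse_line, text.splitlines()) if ev]

def select(events, conditions):
    """Keep events where every field equals its value (an 'and' of '=' tests)."""
    return [ev for ev in events
            if all(ev[FIELDS[f]] == v for f, v in conditions.items())]

def top_event_types(events):
    """Count events per (process name, event type), most frequent first."""
    return Counter((ev["proc"], ev["type"]) for ev in events).most_common()

if __name__ == "__main__":
    print(select(parse(SAMPLE), {"proc.name": "sysdig", "evt.type": "switch"}))
    print(top_event_types(parse(SAMPLE)))
```
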

Chisels

In Sysdig, chisels are scripts written in Lua that can be used to extend Sysdig's filtering.

For example, to see which processes read and write disk files the most, use the topprocs_file chisel:

sysdig -c topprocs_file
Results:

Bytes Process
------------------------------
448.36KB mozStorage
220.38KB perl
1.69KB tmux
1.62KB sh
1.59KB Xorg
1.30KB urxvtd

More chisels can be listed with sysdig -cl. Of course, if you are familiar with Lua, you can also write your own chisels.
     
         
       
         