  Sysdig: system troubleshooting tool
     
  Add Date : 2017-04-13      
         
         
         
  Sysdig listens at the operating system level and captures system calls, system events, and other activity, which makes it look very much like a system-oriented tcpdump or Wireshark. If you need to investigate abnormal system behavior or failures, Sysdig is a handy tool for the job.

On Linux, Sysdig can be installed with the following command:

curl -s https://s3.amazonaws.com/download.draios.com/stable/install-sysdig | sudo bash

This installs Sysdig on rpm- or deb-based Linux systems.

Capturing system activity

Capture in real time and print the results to standard output:

sysdig

Save the capture to the file system.scap for later analysis:

sysdig -w system.scap

Capture only 200 events and save them to the file:

sysdig -n 200 -w system.scap

Read the captured file:

sysdig -r system.scap

Interpreting the capture output

(1) (2) (3) (4) (5) (6) (7) (8)
1 10:54:50.462463956 0 sysdig (29043) > sysdigevent event_type=1 event_data=0
2 10:54:50.462603110 0 sysdig (29043) > sysdigevent event_type=1 event_data=0
3 10:54:50.462729565 0 sysdig (29043) > sysdigevent event_type=1 event_data=0
4 10:54:50.462859521 0 sysdig (29043) > sysdigevent event_type=1 event_data=0
5 10:54:50.463206317 0 sysdig (29043) > switch next=0 pgft_maj=0 pgft_min=1790 vm_size=35748 vm_rss=7164 vm_swap=0
6 10:54:50.464246835 0 <NA> (0) > switch next=7 pgft_maj=0 pgft_min=0 vm_size=0 vm_rss=0 vm_swap=0
7 10:54:50.464249707 2 <NA> (0) > switch next=8374 pgft_maj=0 pgft_min=0 vm_size=0 vm_rss=0 vm_swap=0
8 10:54:50.464255940 0 <NA> (7) > switch next=0 pgft_maj=0 pgft_min=0 vm_size=0 vm_rss=0 vm_swap=0
9 10:54:50.464264256 2 <NA> (8374) > switch next=0 pgft_maj=0 pgft_min=0 vm_size=0 vm_rss=0 vm_swap=0
10 10:54:50.464358113 2 <NA> (0) > switch next=854(mlnet) pgft_maj=0 pgft_min=0 vm_size=0 vm_rss=0 vm_swap=0
11 10:54:50.464370099 2 mlnet (854) < poll res=0 fds=
12 10:54:50.464378193 2 mlnet (854) > poll fds= timeout=5
13 10:54:50.464385400 2 mlnet (854) > switch next=0 pgft_maj=216 pgft_min=3386 vm_size=162608 vm_rss=12196 vm_swap=2716
14 10:54:50.464950541 0 <NA> (0) > switch next=1105(memcached) pgft_maj=0 pgft_min=0 vm_size=0 vm_rss=0 vm_swap=0
15 10:54:50.464954692 0 memcached (1105) < epoll_wait res=0
16 10:54:50.464976007 0 memcached (1105) > epoll_wait maxevents=32
17 10:54:50.464984030 0 memcached (1105) > switch next=0 pgft_maj=3 pgft_min=247 vm_size=327412 vm_rss=1860 vm_swap=468
18 10:54:50.465256687 2 <NA> (0) > switch next=2181(plugin-containe) pgft_maj=0 pgft_min=0 vm_size=0 vm_rss=0 vm_swap=0
19 10:54:50.465261465 2 plugin-containe (2181) < poll res=0 fds=
20 10:54:50.465297692 2 plugin-containe (2181) > getrlimit resource=3(RLIMIT_STACK)

The output captured by Sysdig is shown above. The meaning of each column is as follows:

(1) Event number
(2) Timestamp
(3) CPU ID
(4) Process name
(5) Thread ID
(6) Event direction: > for an enter event, < for an exit event
(7) Event type, such as open, read, etc.
(8) Event parameter list

Filtering capture results

By default, Sysdig captures a great deal of information. To find the events we are interested in, we need grep-like filtering.

Filter by field:

sysdig -r system.scap proc.name=sysdig

This command keeps only the events from the process named sysdig. The result is:

1 10:54:50.462463956 0 sysdig (29043) > sysdigevent event_type=1 event_data=0
2 10:54:50.462603110 0 sysdig (29043) > sysdigevent event_type=1 event_data=0
3 10:54:50.462729565 0 sysdig (29043) > sysdigevent event_type=1 event_data=0
4 10:54:50.462859521 0 sysdig (29043) > sysdigevent event_type=1 event_data=0
5 10:54:50.463206317 0 sysdig (29043) > switch next=0 pgft_maj=0 pgft_min=1790 vm_size=35748 vm_rss=7164 vm_swap=0

Sysdig provides field classes such as fd, process, evt, user, group, and syslog. The full list can be viewed with sysdig -l.

In addition to =, Sysdig filter expressions also support !=, <, <=, >, >=, contains, and other operators.

You can also use the Boolean operators and, or, and not. For example:

sysdig -r system.scap proc.name=sysdig and evt.type=switch
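
The eight-column layout and the proc.name / evt.type filter described above can also be applied offline to saved text output. The following Python example is added here and is not part of the original article or of Sysdig; parse_line, select and Event are hypothetical names, and the sample lines are constructed from the listing above, assuming Sysdig's default text layout.

```python
import re
from typing import NamedTuple

# Default text layout: num time cpu proc (tid) dir type args
LINE_RE = re.compile(
    r"^(?P<num>\d+) (?P<time>\d{2}:\d{2}:\d{2}\.\d+) (?P<cpu>\d+) "
    r"(?P<proc>.+?) \((?P<tid>\d+)\) (?P<dir>[<>]) (?P<type>\S+) ?(?P<args>.*)$"
)
# An argument value runs until the next " name=" or the end of the line.
ARG_RE = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")

class Event(NamedTuple):
    num: int
    time: str
    cpu: int
    proc: str
    tid: int
    direction: str
    type: str
    args: dict

def parse_line(line):
    """Return an Event for one output line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    args = dict(ARG_RE.findall(m["args"]))
    return Event(int(m["num"]), m["time"], int(m["cpu"]), m["proc"],
                 int(m["tid"]), m["dir"], m["type"], args)

def select(lines, **want):
    """Keep events whose columns equal every given value (an 'and' of '=')."""
    events = (parse_line(l) for l in lines)
    return [e for e in events
            if e and all(getattr(e, k) == v for k, v in want.items())]

# Constructed sample in the default layout (values taken from the listing).
SAMPLE = """\
4 10:54:50.462859521 0 sysdig (29043) > sysdigevent event_type=1 event_data=0
5 10:54:50.463206317 0 sysdig (29043) > switch next=0 pgft_maj=0 pgft_min=1790 vm_size=35748 vm_rss=7164 vm_swap=0
10 10:54:50.464358113 2 <NA> (0) > switch next=854(mlnet) pgft_maj=0 pgft_min=0 vm_size=0 vm_rss=0 vm_swap=0
11 10:54:50.464370099 2 mlnet (854) < poll res=0 fds=
12 10:54:50.464378193 2 mlnet (854) > poll fds= timeout=5
""".splitlines()

if __name__ == "__main__":
    for e in select(SAMPLE, proc="sysdig", type="switch"):
        print(e.num, e.time, e.args["pgft_min"])
```

Here select(SAMPLE, proc="sysdig", type="switch") plays the role of proc.name=sysdig and evt.type=switch; empty argument values such as fds= are kept as empty strings.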
Chisels

In Sysdig, chisels are scripts written in Lua that can be used to extend Sysdig's filtering.

For example, to see which processes read and write disk files most heavily, use the topprocs_file chisel:

sysdig -c topprocs_file
Results:

Bytes Process
------------------------------
448.36KB mozStorage
220.38KB perl
1.69KB tmux
1.62KB sh
1.59KB Xorg
1.30KB urxvtd

To see more chisels, run sysdig -cl. Of course, if you are familiar with Lua, you can also write your own chisels.
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.