On Linux, sysdig is handy when you want to find out, system-wide, which system calls are executed most often or which take the longest.
Sysdig Open Source - Getting Started With Csysdig - YouTube
Installation
- Run the following as root.
    rpm --import https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public
    curl -s -o /etc/yum.repos.d/draios.repo https://s3.amazonaws.com/download.draios.com/stable/rpm/draios.repo
    rpm -i https://mirror.us.leaseweb.net/epel/6/i386/epel-release-6-8.noarch.rpm
    yum -y install kernel-devel-$(uname -r)
    yum -y install sysdig
Usage
- Run csysdig; switching views and drilling down is convenient.
    # csysdig
- Rank system calls by number of calls.
    # sysdig -c topscalls
    # Calls             Syscall
    --------------------------------------------------------------------------------
    153                 procinfo
    64                  clock_gettime
    40                  rt_sigprocmask
    20                  select
    18                  read
    18                  write
    14                  futex
    6                   pselect6
    4                   getdents64
    2                   openat
    2                   close
    2                   lstat
- Rank system calls by time spent.
    # sysdig -c topscalls_time
    Time                Syscall
    --------------------------------------------------------------------------------
    8.75s               futex
    995ms               select
    683us               pselect6
    70us                write
    24us                clock_gettime
    16us                read
    12us                rt_sigprocmask
    6.16us              getdents64
    6.09us              openat
    3.13us              lstat
    1.27us              close
- Look up how to use it.
    $ man sysdig
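
As an added example (not part of the original post), the shell functions below normalize `sysdig -c topscalls_time` output to microseconds so that runs can be compared or filtered by a threshold. The function names and the `ns` unit are assumptions; the sample rows are copied from the output above.

```shell
#!/bin/sh
# Added example: normalize `sysdig -c topscalls_time` output to microseconds.
# Assumption: the time column is <number><unit> with unit s, ms, us or ns
# (s, ms and us appear in the output on this page; ns is assumed).

# Sample input, copied from the topscalls_time output on this page.
sample_topscalls_time() {
    cat <<'EOF'
Time                Syscall
--------------------------------------------------------------------------------
8.75s               futex
995ms               select
683us               pselect6
70us                write
24us                clock_gettime
16us                read
12us                rt_sigprocmask
6.16us              getdents64
6.09us              openat
3.13us              lstat
1.27us              close
EOF
}

# Reads chisel output on stdin, prints "<microseconds><TAB><syscall>" per row.
topscalls_time_us() {
    awk '
        # Data rows look like "8.75s futex"; the header and dashes do not match.
        NF == 2 && $1 ~ /^[0-9]+(\.[0-9]+)?(s|ms|us|ns)$/ {
            unit = $1;  sub(/^[0-9.]+/, "", unit)    # keep only the unit
            value = $1; sub(/[a-z]+$/, "", value)    # keep only the number
            if      (unit == "s")  factor = 1000000
            else if (unit == "ms") factor = 1000
            else if (unit == "us") factor = 1
            else                   factor = 0.001    # ns
            printf "%.2f\t%s\n", value * factor, $2
        }'
}

# Prints syscalls whose total time is at least $1 microseconds, slowest first.
slow_syscalls() {
    topscalls_time_us | sort -rn |
        awk -F '\t' -v min="$1" '$1 + 0 >= min + 0 { print $2 }'
}

# Usage on a live system (as root): sysdig -c topscalls_time | slow_syscalls 1000
```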
Supported Linux distributions
How to Install Sysdig for Linux · draios/sysdig Wiki · GitHub
- Debian, from 6.0
- Ubuntu, from 10.04
- CentOS, from 6
- RHEL, from 6
- Fedora, from 13
- Amazon Linux, any version available from the AWS Marketplace
- Linux Mint, from 9
- CoreOS
- Oracle, From 6.0 (UEK kernels R3+, all RHCK kernels)
What it does
- It walks through the entries under /proc.
    # strace -e open sysdig -c topscalls 2>&1|head -200|tail -50
    open("/proc/37/cmdline", O_RDONLY) = 36
    open("/proc/38/cmdline", O_RDONLY) = 36
    open("/proc/39/cmdline", O_RDONLY) = 36
    open("/proc/40/cmdline", O_RDONLY) = 36
    open("/proc/41/cmdline", O_RDONLY) = 36
    open("/proc/42/cmdline", O_RDONLY) = 36
    open("/proc/43/cmdline", O_RDONLY) = 36
    open("/proc/44/cmdline", O_RDONLY) = 36
    open("/proc/45/cmdline", O_RDONLY) = 36
    open("/proc/46/cmdline", O_RDONLY) = 36
    open("/proc/47/cmdline", O_RDONLY) = 36
    open("/proc/48/cmdline", O_RDONLY) = 36
    open("/proc/49/cmdline", O_RDONLY) = 36
    open("/proc/51/cmdline", O_RDONLY) = 36
    open("/proc/52/cmdline", O_RDONLY) = 36
    open("/proc/53/cmdline", O_RDONLY) = 36
    open("/proc/54/cmdline", O_RDONLY) = 36
    open("/proc/55/cmdline", O_RDONLY) = 36
    open("/proc/56/cmdline", O_RDONLY) = 36
    open("/proc/57/cmdline", O_RDONLY) = 36
    open("/proc/58/cmdline", O_RDONLY) = 36
    open("/proc/59/cmdline", O_RDONLY) = 36
    open("/proc/60/cmdline", O_RDONLY) = 36
    open("/proc/61/cmdline", O_RDONLY) = 36
    open("/proc/62/cmdline", O_RDONLY) = 36
    open("/proc/63/cmdline", O_RDONLY) = 36
    open("/proc/64/cmdline", O_RDONLY) = 36
    open("/proc/65/cmdline", O_RDONLY) = 36
    open("/proc/66/cmdline", O_RDONLY) = 36
    open("/proc/67/cmdline", O_RDONLY) = 36
    open("/proc/68/cmdline", O_RDONLY) = 36
    open("/proc/69/cmdline", O_RDONLY) = 36
    open("/proc/70/cmdline", O_RDONLY) = 36
    open("/proc/71/cmdline", O_RDONLY) = 36
    open("/proc/72/cmdline", O_RDONLY) = 36
    open("/proc/73/cmdline", O_RDONLY) = 36
    open("/proc/74/cmdline", O_RDONLY) = 36
    open("/proc/75/cmdline", O_RDONLY) = 36
    open("/proc/76/cmdline", O_RDONLY) = 36
    open("/proc/77/cmdline", O_RDONLY) = 36
    open("/proc/78/cmdline", O_RDONLY) = 36
    open("/proc/79/cmdline", O_RDONLY) = 36
    open("/proc/80/cmdline", O_RDONLY) = 36
    open("/proc/81/cmdline", O_RDONLY) = 36
    open("/proc/82/cmdline", O_RDONLY) = 36
    open("/proc/83/cmdline", O_RDONLY) = 36
    open("/proc/84/cmdline", O_RDONLY) = 36
    open("/proc/85/cmdline", O_RDONLY) = 36
    open("/proc/86/cmdline", O_RDONLY) = 36
    open("/proc/87/cmdline", O_RDONLY) = 36