Cryptzone Support

 
If you wish to submit a support ticket please sign in to your customer portal or use the “submit a ticket” button at the top menu.
If you need to find documentation about our Sheriff Suite please login to the Hive- Click Here

 

Article

Use_dtrace_to_probe_processes

« Go Back

Information

 
Article Number000001058
Article

In certain cases dtrace can provide good information for Cryptzone support.  With trace/debug information we can help you faster solving issues you are observing.

 

Run the following commands as root. 

1. Find the process with most syscalls

 

dtrace -qn 'syscall:::entry { @[execname] = count(); }tick-10 {exit(0)}' | egrep -v dtrace | tail -10 | sort -rnk2


 

Example output:

PROCESS            #SYSCALLS
 ag_logd                33
 ag_secmsgd             26
 nscd                   12



In the example output, ag_logd ranks highest. 

2. Identify functions with high syscalls
Find the function, of the process doing most syscalls (replace ag_logd in your case):
 

dtrace -qn 'syscall:::entry /execname=="ag_logd" /{ @[probefunc] = count();} tick-10 {exit(0)}'| tail -10 | sort -rnk2



Example output:

 
 FUNCTION            #SYSCALLS

  fcntl                 14
  sigaction             10
  nanosleep              4
  doorfs                 4
  gtime                  1

 
 
3. Create pstack for functions of interests 
Now create a pstack for further investigation for the function(s) with the highest syscalls (replace fcntl and ag_logd in your case)

 
dtrace -qn 'syscall::fcntl:entry /execname=="ag_logd" /{ @[ustack()] = count();} tick-10 {exit(0)}' | sed 's/`/:/g'

Example output (truncated):
     
 libc.so.1:__fcntl_syscall+0x15
              libc.so.1:fcntl+0x104
              ag_logd:unixShmSystemLock+0x68
      :
              .




4. Create the pstack of the process

 
ps -ef |grep "ag_logd"
 root 611 1 0 Jun 03 ? 0:00 /opt/APPGserv/sbin/ag_logd
agdaemon 612 1 0 Jun 03 ? 7:32 /opt/APPGserv/sbin/ag_logd
 root 28942 28814 0 20:15:31 pts/1 0:00 grep ag_logd

ext1:~# pstack 28814
28814: tcsh
 fecc4da5 sigsuspend (80478d0)
 0807a3c6 pjwait (80dd2c8, 80dd208, 8047a18, 807cf07) + f2
 0807a2c9 pwait (8047958, fec99a97, 3, 0, 0, 0) + 45
 0807cf23 execute (80dd208, 708e, 0, 0, 1, a) + b93
 0807c68d execute (80dcf08, 708e, 0, 0, 1, 8079770) + 2fd
 0806266e process (1, 0, 8047d28, 8061344) + 41e
 08061393 main (0, 8047d54, 8047d5c, 805f9ff) + 17b3
 0805fa5d _start (1, 8047e1c, 0, 8047e21, 8047e28, 8047e35) + 7d
Related File 
Additional Files 

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255