Tracing what a Linux process is doing

Linux specific questions/information are gathered here. Most topics apply to the CentOS/RedHat (RH)/Debian/Ubuntu/Gentoo distributions.

Postby lik » Sat Jun 06, 2009 5:29 am

From time to time you will get a hung process, or you are unsure of what a process is doing at that moment.

You can trace what a process is doing by running:
Code:
strace -p PID

Where PID is the process ID. This will show you what that process is doing in real time.
This is useful for detecting exploits or the source of a hung process.
To detach from that process simply press CTRL + C.

Hope it helps!
lik
Founder
Posts: 497
Joined: Wed Dec 15, 2010 3:21 am

Re: Tracing what a Linux process is doing

Postby lik » Sat Jun 06, 2009 5:33 am

You may use strace -Ffv -s 8192 (-p /)

This will give you *much* more information. It will also follow any forked/spawned/cloned processes. Using this in conjunction with -o is handy for stracing cpsrvd itself so you can look at it after the fact in less and get a better idea of what is going on.

If you are looking for a specific syscall, using this with -e is handy as well. So, if you just want to see file operations, add -e file to it (see man strace for more info).
Another neat trick is using this with awk to generate the -p flags to strace multiple processes (like httpd):
Code:
# [h]ttpd keeps awk's own command line (which contains the pattern) out of the match
strace -Ffv -s 8192 -o ~/httpd.strace $(ps aux | awk '/[h]ttpd/ {print " -p " $2}' | tr -d '\n')

which will launch a strace on every process name matching httpd.
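
A fuller version of the two tips above, as an added example that is not code from the thread: a shell helper that attaches strace to every process of a service the way the awk one-liner does (but using pgrep, which cannot match its own command line), and a second helper that reads the resulting log and lists the files the service opened for writing, the first thing to check when hunting an unexpected write or a hang on a lock file. It assumes an strace that accepts -e trace=file and -f (the obsolete -F is an alias for it) and pgrep from procps; the function and file names are my own.

```shell
#!/bin/sh
# Added example, not code from the thread: the tips above as two helpers.
# trace_service attaches strace to every process of a service, following forks
# (-f; -F is now an obsolete alias for it), printing long strings (-s 8192),
# keeping only file-related syscalls (-e trace=file) and logging to a file (-o)
# for later review. pgrep -x is used instead of "ps aux | awk" so the awk process
# itself (whose argv contains the pattern) is never picked up by accident.
# files_opened_for_writing post-processes such a log: it lists every path the
# traced processes opened with write intent.
# Assumptions: strace that accepts -e trace=file, pgrep from procps; run as
# root or as the owner of the traced processes.

trace_service() {
    name="$1"
    out="${2:-$HOME/$name.strace}"
    pids=$(pgrep -x "$name") || { echo "no process named $name" >&2; return 1; }
    set --
    for p in $pids; do set -- "$@" -p "$p"; done
    strace -f -s 8192 -e trace=file -o "$out" "$@"
}

# Read strace output on stdin; print paths given to open/openat/creat with
# O_WRONLY, O_RDWR or O_CREAT, deduplicated, in first-seen order.
files_opened_for_writing() {
    awk '
        # with -f and several PIDs each line starts with "PID  "; drop it
        /^[0-9]+ +/ { sub(/^[0-9]+ +/, "") }
        /^(open|openat|creat)\(/ {
            if ($0 ~ /^creat\(/ || $0 ~ /O_WRONLY|O_RDWR|O_CREAT/) {
                # the first double-quoted argument is the path
                if (match($0, /"[^"]*"/)) {
                    path = substr($0, RSTART + 1, RLENGTH - 2)
                    if (!(path in seen)) { seen[path] = 1; print path }
                }
            }
        }'
}

# Usage (saved as a script under any name): sh trace.sh httpd [logfile]
# Afterwards: files_opened_for_writing < ~/httpd.strace
if [ $# -gt 0 ]; then
    trace_service "$@"
fi
```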

View core dump files

Postby lik » Sun Aug 02, 2009 4:06 am

In computing, a core dump consists of the recorded state of the working memory of a computer program at a specific time, generally when the program has terminated abnormally (crashed).[1] In practice, other key pieces of program state are usually dumped at the same time, including the processor registers, which may include the program counter and stack pointer, memory management information, and other processor and operating system flags and information. The name comes from the once-standard core memory technology. Core dumps are often used to diagnose or debug errors in computer programs.

On many operating systems, a fatal error in a program automatically triggers a core dump, and by extension the phrase "to dump core" has come to mean, in many cases, any fatal error, regardless of whether a record of the program memory results.

The term "core dump" has become jargon to indicate any deposition of a large amount of unedited data for further examination.

http://en.wikipedia.org/wiki/Core_dump
