Shulou(Shulou.com)06/01 Report--

This article mainly explains "how to use sysdig to monitor and troubleshoot Linux system server". The content of the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "how to use sysdig to monitor and troubleshoot Linux system server".

When you need to track the system calls generated and received by a process, what comes to mind first? You may think of strace, then you are right. What command-line tools would you use to monitor raw network traffic? If you think of tcpdump, you have made another excellent choice. And if you encounter the need to track open files (in the sense of Unix: everything is a file), you may use lsof.

Strace, tcpdump, and lsof are really great tools, and they should be part of every system management staff set, which is why you should fall in love with sysdig. It is a powerful open source tool for system-level reconnaissance and troubleshooting, and its creators introduced it as "strace+tcpdump+lsof+ 's wonderful sauce dotted with lua cherries". Humor aside, one of the best features of sysdig is that it can not only analyze the "live" state of the Linux system, but also save that state as a dump file for offline inspection. More importantly, you can customize the behavior of sysdig, or even enhance it with a built-in (or you can write) small script called chisel. A separate chisel can analyze the flow of events captured by sysdig in various styles specified by the script.

In this tutorial, we will explore the installation and basic usage of sysdig, and implement system monitoring and troubleshooting on Linux.

Install Sysdig

For this tutorial, we will choose to use the automated installation process provided on the official website in order to simplify, shorten the installation process and the version is unknown. During automation, the installation script automatically detects the operating system and installs the necessary dependency packages.

Run the following command as root to install sysdig from the official apt/yum repository:

The code is as follows:

# curl-s https://s3.amazonaws.com/download.draios.com/stable/install-sysdig | bash

After the installation is complete, we can call sysdig in the following ways to feel it:

The code is as follows:

# sysdig

Our screen will immediately be filled with all the events that happen on the system, and it is not easy for us to do more about this information. For further processing, we can run:

The code is as follows:

# sysdig-cl | less

To see a list of available chisels.

The following categories are available by default, and there are multiple built-in chisels in each category.

CPU Usage:CPU usage

Errors: error

I/O

Logs: log

Misc: hybrid

Net: network

Performance: performanc

Security: security

System State: system statu

To display the information on the specified chisel (including detailed command line usage), run the following command:

The code is as follows:

# sysdig-cl [chisel name]

For example, we can check the information about the spy_port chisel under the "network" category:

The code is as follows:

# sysdig-I spy_port

The chisel can be combined with filters (which can be applied to both real-time data and record files) to obtain more useful output.

The filter complies with the class. Field structure. For example:

Fd.cip: client IP address.

Evt.dir: event direction, which can be'>'to enter the event, or'

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.