冷凍庫

個人用メモ

システム調査系ツールを調べたい

http://kkovacs.eu/cool-but-obscure-unix-tools

netstat

lsof

  • lsof -i

    開いているネットワークソケット(待ち受け中のポートや確立済みの接続)をリスト。root 権限なしで実行すると、他ユーザーのプロセスのソケットは表示されないことがある

COMMAND PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
dhcpcd  264    root   10u  IPv4  10545      0t0  UDP *:bootpc
sshd    268    root    3u  IPv4  10522      0t0  TCP *:ssh (LISTEN)
sshd    268    root    4u  IPv6  10524      0t0  TCP *:ssh (LISTEN)
sshd    485    root    3u  IPv4    728      0t0  TCP localhost:ssh->gateway:52362 (ESTABLISHED)
sshd    491 vagrant    3u  IPv4    728      0t0  TCP localhost:ssh->gateway:52362 (ESTABLISHED)
  • sudo lsof <filename>

    指定したファイルを開いているプロセスをリスト。sudo なしだと他ユーザーのプロセスは表示されないことがある(下の実行例は sudo なし)

: 2015/09/02 03:06 SSH $ lsof /bin/bash
COMMAND PID    USER  FD   TYPE DEVICE SIZE/OFF   NODE NAME
bash    492 vagrant txt    REG   0,20   791304 117676 /usr/bin/bash

その他、PID でフィルタしたり(lsof -p <PID>)、ポート番号でフィルタしたり(lsof -i :<ポート番号>)できる


  • perf

strace

  • strace echo abc
  • コマンドがどういうシステムコールを発行しているかわかる。read/write などの引数としてデータの中身も出力されるので、ログを共有するときは機密情報が含まれていないか確認する
[vagrant@localhost ~]$ strace echo abc
execve("/usr/bin/echo", ["echo", "abc"], [/* 16 vars */]) = 0
brk(0)                                  = 0x246a000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=39086, ...}) = 0
mmap(NULL, 39086, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fd28e0c8000
close(3)                                = 0
open("/usr/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 \t\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1984880, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd28e0c7000
mmap(NULL, 3813008, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fd28db0e000
mprotect(0x7fd28dca7000, 2097152, PROT_NONE) = 0
mmap(0x7fd28dea7000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x199000) = 0x7fd28dea7000
mmap(0x7fd28dead000, 16016, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fd28dead000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd28e0c6000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd28e0c5000
arch_prctl(ARCH_SET_FS, 0x7fd28e0c6700) = 0
mprotect(0x7fd28dea7000, 16384, PROT_READ) = 0
mprotect(0x606000, 4096, PROT_READ)     = 0
mprotect(0x7fd28e0d2000, 4096, PROT_READ) = 0
munmap(0x7fd28e0c8000, 39086)           = 0
brk(0)                                  = 0x246a000
brk(0x248b000)                          = 0x248b000
fstat(1, {st_mode=S_IFCHR|0622, st_rdev=makedev(136, 0), ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd28e0d1000
write(1, "abc\n", 4abc
)                    = 4
close(1)                                = 0
munmap(0x7fd28e0d1000, 4096)            = 0
close(2)                                = 0
exit_group(0)                           = ?
+++ exited with 0 +++