• Welcome to the world's largest Chinese hacker forum

    Welcome to the world's largest Chinese hacker forum, our forum registration is open! You can now register for technical communication with us, this is a free and open to the world of the BBS, we founded the purpose for the study of network security, please don't release business of black/grey, or on the BBS posts, to seek help hacker if violations, we will permanently frozen your IP and account, thank you for your cooperation. Hacker attack and defense cracking or network Security

    business please click here: Creation Security  From CNHACKTEAM

Recommended Posts

在实际工作中,偶尔会出现系统的CPU利用率和系统的平均负载都很高,却找不到高CPU的应用的情况。

出现此问题的原因:进程可能会不断崩溃和重启。

通过正常运行时间发现系统负载非常高,但是很难通过top、mpstat、pidstat、perf等工具找出是什么进程导致了系统负载和CPU的高利用率。

注意:从上面的工具判断,它不是CPU密集型的,没有IO等待,也没有进程和线程之间的争用。

exec snoop——一个专门用于跟踪短时进程(瞬态进程)的工具;

它通过ftrace实时监控进程的exec()行为,输出短时进程的基本信息,包括进程PID、父进程PID、命令行参数和执行结果。

Github地址:3359github.com/Brendan格雷戈/perf-tools/blob/master/execsoop

安装使用方法:复制上面github的内容,然后写入execsnoop文件,添加X权限;

用法:

#./execsnoop

59187 59186/usr/local/bin/stress-t1-D1

59188 28775 .-59188 [000] d.40067.137167: exec snoop _ SyS _ execve :(SyS _ execve0x 0/0x 30)

5919159188/usr/local/bin/stress-t1-D1

59190 28778 .59190 [003] d.40067.138913: exec snoop _ SyS _ execve :(SyS _ execve0x 0/0x 30)

59192 28776 .-59192 [003] d.40067.139103: exec snoop _ SyS _ execve :(SyS _ execve0x 0/0x 30)

59194 59192/usr/local/bin/stress-t1-D1

59196 59190/usr/local/bin/stress-t1-D1

59198 28770 .-59198.40067.145500: exec snoop _ SyS _ execve :(SyS _ execve0x 0/0x 30)

59199 28779 .-59199.40067.146228: exec snoop _ SyS _ execve :(SyS _ execve0x 0/0x 30)

59200 59198/usr/local/bin/stress-t1-D1

5920259199/usr/local/bin/stress-t1-D1

59204 28778 .-59204.40067.155150: exec snoop _ SyS _ execve :(SyS _ execve0x 0/0x 30)

59206 28775 .-59206 [001] d.40067.157282: exec snoop _ SyS _ execve :(SyS _ execve0x 0/0x 30)

59208 59206/usr/local/bin/stress-t1-D1

59209 28770 .-59209.40067.158381: exec snoop _ SyS _ execve :(SyS _ execve0x 0/0x 30)

59205 59204/usr/local/bin/stress-t1-D1

59207 28776 .第59207号.40067.158882: exec snoop _ SyS _ execve :(SyS _ execve0x 0/0x 30)

可以看到,有大量的压力进程,不断被激活,导致系统负载和CPU利用率增加;

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now