Sysdig - A Powerful System Monitoring and Troubleshooting Tool for Linux


Sysdig is an open-source, cross-platform, powerful and flexible system monitoring and troubleshooting tool for Linux; it also runs on Windows and Mac OS X, with reduced functionality, and can be used for system analysis, inspection and debugging.

Traditionally, you would combine several Linux performance-monitoring and troubleshooting tools, including those listed below, to carry out Linux monitoring and debugging tasks:

  1. strace – trace system calls and signals of a process.
  2. tcpdump – raw network traffic monitoring.
  3. netstat – network connection monitoring.
  4. htop – real-time process monitoring.
  5. iftop – real-time network bandwidth monitoring.
  6. lsof – see which files are opened by which process.

However, sysdig combines what all of the above tools do, and much more, in a single simple program, with impressive container support on top. It lets you capture, save, filter and examine the real behaviour (the stream of events) of Linux systems and containers.

It ships with a command-line interface and a powerful interactive UI (csysdig) that lets you watch system activity in real time, or take a dump and save it for later analysis.

  • Fast, stable and easy to use, with comprehensively documented features.
  • Native support for container technologies, including Docker and LXC.
  • Extensible with chisels (lightweight Lua scripts) for processing captured system events.
  • Supports useful output filtering.
  • Supports system and application tracing.
  • Can be integrated with Ansible, Puppet and Logstash.
  • Enables advanced log analysis.
  • Also offers forensic analysis features for attacks on Linux servers, for ethical hackers, and more.

In this article, we will show how to install sysdig on a Linux system and use it, with examples of system analysis, monitoring and troubleshooting.

How to Install Sysdig on Linux

Installing the sysdig package is as easy as running the command below, which checks all the requirements; if everything is in place, it downloads and installs the package from the Draios APT/YUM repository. Be aware that this pipes a remote script straight into a root shell, so whatever the server (or anyone able to tamper with the download) returns is executed with full privileges: download the script first, read it, and run it only once you are satisfied with its contents.

# curl -s https://s3.amazonaws.com/download.draios.com/stable/install-sysdig | bash 
OR
$ curl -s https://s3.amazonaws.com/download.draios.com/stable/install-sysdig | sudo bash
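The safer variant of the installation step above, as an added example (this is not the article's or the sysdig project's code): fetch the installer to disk, verify it against a pinned SHA-256 digest, and only then hand it to a root shell. The URL is the one quoted above; EXPECTED_SHA256 is a placeholder that you replace with the digest you verified out of band (for instance from a second machine or a published checksum), and the helper names are this example's own.

```shell
#!/bin/sh
# Added example: verified download of the sysdig installer instead of
# "curl ... | sudo bash". EXPECTED_SHA256 is a placeholder, not a real
# digest of the script; replace it with the value you verified yourself.
set -eu

INSTALLER_URL="https://s3.amazonaws.com/download.draios.com/stable/install-sysdig"
EXPECTED_SHA256="0000000000000000000000000000000000000000000000000000000000000000"  # placeholder

# Print the SHA-256 of file $1 using whichever tool the host provides
# (sha256sum on GNU systems, shasum on BSD/macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Return 0 if file $1 hashes to digest $2 (hex, case-insensitive), else 1.
verify_sha256() {
  actual=$(sha256_of "$1" | tr 'A-F' 'a-f')
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ "$actual" = "$expected" ]
}

# Download to a temporary file, verify, then run with sudo. A digest
# mismatch aborts before anything is executed, so a tampered or silently
# updated script never runs as root. HTTPS only, TLS 1.2 or newer.
install_sysdig_verified() {
  tmp=$(mktemp)
  trap 'rm -f "$tmp"' EXIT
  curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$INSTALLER_URL"
  if ! verify_sha256 "$tmp" "$EXPECTED_SHA256"; then
    echo "install-sysdig: SHA-256 mismatch, refusing to run the installer" >&2
    return 1
  fi
  sudo bash "$tmp"
}

# Only install when invoked as: sh install-sysdig-verified.sh install
if [ "${1:-}" = "install" ]; then
  install_sysdig_verified
fi
```

The digest pin is the whole point: an unpinned `curl | bash` trusts the TLS connection and the hosting bucket at the moment of download, while the pinned digest ties what you run to what you reviewed.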

After installation, you need to run sysdig as root because it needs access to privileged areas such as the /proc file system and the /dev/sysdig* devices, and it needs to load the sysdig-probe kernel module (if it is not loaded yet); otherwise, use the sudo command.

The most basic example is running it without any arguments, which lets you watch your Linux system's stream of events updated in real time:

$ sudo sysdig

The output above (raw data) may not make much sense to you; for something more useful, run csysdig:

$ sudo csysdig 

Note: to get the real feel of this tool, you need to use sysdig itself, which produces raw data as we saw earlier from a running Linux system; this requires you to understand how to use filters and chisels.

But if you need a painless way of using sysdig, stick with csysdig.

Understanding Sysdig Chisels and Filters

Sysdig chisels are small Lua scripts that examine the sysdig event stream to perform useful system troubleshooting actions and more. The command below lists all available chisels:

$ sudo sysdig -cl

The output lists the available chisels grouped by category.

If you want more information about a particular chisel, use the -i flag:

$ sudo sysdig -i topprocs_cpu

Sysdig filters add more power to the kind of output you can get from the event stream, allowing you to customize the output. You should specify them at the end of the command line.

The simplest and most common filter is a basic check of the form class.field=value; you can combine chisels with filters for even more powerful customization.

To view the list of available field classes, fields and their descriptions, type:

$ sudo sysdig -l

To dump sysdig output to a file for later analysis, use the -w flag, as in the capture command shown below. Because sysdig records the I/O buffers of every process (up to the -s limit per event), a dump may contain passwords, tokens and other secrets; keep it with restrictive permissions and treat it as sensitive data.

You can read the dump file back using the -r flag:

$ sudo sysdig -r trace.scap

The -s option specifies the number of bytes of data to capture for each system event. In this example, we capture with a larger buffer and then filter the events for the mongod process:

$ sudo sysdig -s 3000 -w trace.scap
$ sudo sysdig -r trace.scap proc.name=mongod

To list system processes, type:

$ sudo sysdig -c ps

To see the top processes by CPU usage, run this command:

$ sudo sysdig -c topprocs_cpu

To view system network connections, run:

$ sudo sysdig -c netstat

The following command lists the top network connections by total bytes:

$ sudo sysdig -c topconns

Next, you can list the top processes by network I/O as follows:

$ sudo sysdig -c topprocs_net

You can print the data read and written by processes on the system as below:

$ sudo sysdig -c echo_fds

To list the top processes by (read + write) disk bytes, use:

$ sudo sysdig -c topprocs_file

To keep an eye on system bottlenecks (slow system calls), run this command:

$ sudo sysdig -c bottlenecks

To track the execution time of processes, you can run this command and dump the trace to a file:

$ sudo sysdig -w extime.scap -c proc_exec_time

Then use a filter to drill down into the details of a specific process (postgres in this example) as follows:

$ sudo sysdig -r extime.scap proc.name=postgres

This simple command helps you spot slow network I/O:

$ sudo sysdig -c netlower

The command below shows every message written to syslog; if you are interested in the log entries of a specific process, create a dump and filter it accordingly, as shown earlier:

$ sudo sysdig -c spy_syslog

You can print any data written by any process to a log file as follows:

$ sudo sysdig -c spy_logs

If you have an HTTP server such as Apache or Nginx running on your system, look through the server's requests with this command:

$ sudo sysdig -c httplog
$ sudo sysdig -c httptop   [Print Top HTTP Requests]

The command below lets you view the IDs of all login shells:

$ sudo sysdig -c list_login_shells

Last but not least, you can display the activity of system users as follows:

$ sudo sysdig -c spy_users
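The capture, filter and chisel commands above are the building blocks of an incident-triage workflow; the script below, an added example that is not code from the original article or from the sysdig project, strings them together. It captures a bounded, compressed trace with tight file permissions, replays it through the forensic chisels (list_login_shells, spy_users, spy_syslog, netstat, topprocs_net), and post-processes execve events to flag shells or interpreters spawned by service processes, a common webshell indicator. It assumes sysdig is installed and the script runs as root; the parent and child process name lists, the report directory layout, the 60-second and 4096-byte capture limits and the function names are this example's own choices, not sysdig defaults.

```shell
#!/bin/sh
# Added example (not the article's or sysdig's own code): a small
# incident-triage workflow built from sysdig captures, filters and chisels.
#   capture_trace     - bounded, compressed capture with tight permissions
#   run_forensics     - replay the capture through the forensic chisels
#   flag_shell_spawns - flag shells/interpreters spawned by service processes
# Assumed: sysdig installed, run as root; name lists and limits are illustrative.
set -eu

# Capture into file $1 for at most $2 seconds, keeping the first $3 bytes of
# each I/O buffer (-s). Capture files contain raw process I/O (passwords,
# tokens, session data), so the file is created under umask 077 and gzip
# compressed (-z). Scheduler context-switch events are dropped at capture time.
capture_trace() {
  out=$1; seconds=${2:-60}; snaplen=${3:-4096}
  ( umask 077 && sysdig -z -s "$snaplen" -M "$seconds" -w "$out" \
      "evt.type!=switch" )
}

# Replay capture $1 through a fixed set of chisels, one report file each,
# in directory $2 (mode 700). A chisel that fails does not abort the run.
run_forensics() {
  cap=$1; dir=$2
  mkdir -p "$dir" && chmod 700 "$dir"
  for chisel in list_login_shells spy_users spy_syslog netstat topprocs_net; do
    sysdig -r "$cap" -c "$chisel" > "$dir/$chisel.txt" 2>&1 || true
  done
}

# Read lines of the form "<parent name> <process name> <command line>", as
# produced by:
#   sysdig -r CAP -p "%proc.pname %proc.name %proc.cmdline" "evt.type=execve and evt.dir=<"
# and print the ones where a service process executed a shell or interpreter.
# sysdig filters do exact and substring matching, so the regular-expression
# matching is done here in awk. Process names (comm) normally contain no
# spaces, so the first two whitespace-separated fields are reliable.
flag_shell_spawns() {
  awk '
    $1 ~ /^(nginx|apache2|httpd|php-fpm[0-9.]*|tomcat)$/ &&
    $2 ~ /^(sh|bash|dash|zsh|python[0-9.]*|perl|nc|ncat)$/ {
      cmd = $0
      sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", cmd)
      print "SUSPICIOUS parent=" $1 " child=" $2 " cmd=" cmd
    }'
}

# End to end: capture for 60 s, run the chisels, then list suspicious spawns.
triage() {
  cap=$1; dir=$2
  capture_trace "$cap" 60 4096
  run_forensics "$cap" "$dir"
  sysdig -r "$cap" -p "%proc.pname %proc.name %proc.cmdline" \
    "evt.type=execve and evt.dir=<" | flag_shell_spawns > "$dir/shell_spawns.txt"
}

# Only capture when invoked as: sh triage.sh run /root/trace.scap.gz /root/report
if [ "${1:-}" = "run" ]; then
  triage "$2" "$3"
fi
```

Filtering on the exit side of execve (evt.dir=<) reports each execution once, with proc.name already set to the new image; the parent/child name matching is deliberately left in awk so it can be tightened with regular expressions without re-capturing, and the same flag_shell_spawns function can be fed from a live `sysdig -p ...` stream instead of a file.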

For more usage information and examples, read the sysdig and csysdig man pages:

$ man sysdig 
$ man csysdig

See: https://www.sysdig.org/

Also check out these useful Linux monitoring tools:

  1. BCC – Dynamic Tracing Tools for Linux Performance Monitoring, Networking and More
  2. pyDash – A Web-Based Linux Performance Monitoring Tool
  3. Perf – A Performance Monitoring and Analysis Tool for Linux
  4. Collectl: An Advanced All-in-One Performance Monitoring Tool for Linux
  5. Netdata – A Real-Time Performance Monitoring Tool for Linux Systems

Sysdig combines functionality from numerous command-line tools into one remarkable interface, letting you dig deep into Linux system events to gather data and save it for later analysis, and it offers impressive container support.
