Friday, June 19, 2009

Intercepting Process Core Dumps

We disabled process core dumps on one of our environments but still we want to know when it happens along with some more information on the even.

root@ dtrace -q -n fbt:genunix:core:entry \
'{printf("%Y exec: %s args: %s cwd: %s pid: %d zone: %s signal: %d\n", \
walltimestamp, curpsinfo->pr_fname, curpsinfo->pr_psargs, cwd, pid, \
zonename, arg0);}' >/local/tmp/process_cores.log

Now lets try to kill a process so it tries to dump a core:

root@ bash -x
root@ kill -SIGBUS $$
+ kill -SIGBUS 14054
Bus Error (core dumped)
root@

root@ tail -1 /local/tmp/process_cores.log
2009 Jun 19 16:07:54 exec: bash args: bash -x cwd: /home/milek pid: 14054 zone: global signal: 10
root@
The overhead of running the script is practically none unless you're trying to dump as many core dumps as possible per second and even then the overhead should be relatively small :)

No comments: