[英]Linux SIGINT passive capture
Is there a place where the Linux kernel passively logs SIGKILL (kill -9) shutdown requests? Linux内核是否有地方被动地记录SIGKILL(kill -9)关闭请求?
I have a JVM running that is arbitrarily being shut down and I suspect that, based on the evidence available, is being shut down by a stray process that is somehow issuing a shutdown of the JVM process. 我有一个正在任意关闭的JVM,并且我怀疑,根据现有的证据,这个流失的进程正在以某种方式关闭JVM进程,从而关闭了它。 I have robust logging in place but in order to confirm my suspicion, I'd have to turn up the logging level to overwhelming levels.
我拥有完善的日志记录,但是为了证实自己的怀疑,我必须将日志记录级别提高到压倒性的水平。
I've researched exhaustively through /var/log and can't seem to find any place that might capture and log these SIGKILL events. 我已经通过/ var / log进行了详尽的研究,似乎找不到任何可能捕获和记录这些SIGKILL事件的地方。 Any ideas where I might find these events, if they exist?
有什么想法可以找到这些事件(如果存在)吗?
Option 1: 选项1:
If your kernel has ftrace support (very likely) try the killsnoop
tool from Brendan Gregg's perf-tools : 如果您的内核支持ftrace (很有可能),请尝试使用Brendan Gregg的perf-tools中的
killsnoop
工具 :
wget https://raw.githubusercontent.com/brendangregg/perf-tools/master/killsnoop
chmod +x killsnoop
sudo ./killsnoop -s
More usage examples in the killsnoop_example.txt file. killsnoop_example.txt文件中有更多用法示例。
Option 2: (passive capture) 选项2 :(被动捕获)
If your kernel has no ftrace support you can use the kernel-siglog
kernel module from https://github.com/nfedera/kernel-siglog : 如果您的内核不支持ftrace,则可以使用https://github.com/nfedera/kernel-siglog中的
kernel-siglog
内核模块:
git clone https://github.com/nfedera/kernel-siglog.git
cd kernel-siglog/
make
sudo insmod siglog.ko
Once inserted the siglog
kernel module will record the last 10,000 signals in /proc/siglog
插入
siglog
内核模块后,它将在/proc/siglog
记录最后10,000个信号
I had a similar issue and found the culprit using this kernel module. 我遇到了类似的问题,并发现了使用此内核模块的罪魁祸首。 I had it inserted on a customer's server for some weeks and when the service was killed I logged in, did a
cat /proc/siglog
and found that my service was killed by a customer's own buggy watchdog script. 我将其插入客户服务器上数周,当服务被
cat /proc/siglog
,我登录了,执行了cat /proc/siglog
,发现我的服务被客户自己的越野车监视脚本杀死了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.