1.配合使用systemtap 监控系统对于文件的读写:
[root@db-42 systemtap]# uname -a Linux db-42 2.6.18-194.el5 #1 SMP Mon Mar 29 22:10:29 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
[root@db-42 systemtap]# more inodewatch.stp
#! /usr/bin/env stap
probe vfs.write, vfs.read
{
# dev and ino are defined by vfs.write and vfs.read
if (dev == MKDEV($1,$2) # major/minor device
&& ino == $3)
printf ("%s(%d) %s 0x%x/%u\n",
execname(), pid(), probefunc(), dev, ino)
}inodewatch.stp takes the following information about the file as arguments on the command line: The file's major device number. The file's minor device number. The file's inode number.
[root@db-42 ~]# stat -c '%D %i' test.dat 803 1831440 [root@db-42 systemtap]# stap inodewatch.stp 0x8 0x3 1831440 dd(27257) vfs_write 0x800003/1831440 dd(27257) vfs_write 0x800003/1831440 dd(27257) vfs_write 0x800003/1831440 dd(27257) vfs_write 0x800003/1831440 dd(27257) vfs_write 0x800003/1831440 dd(27257) vfs_write 0x800003/1831440 dd(27257) vfs_write 0x800003/1831440 [root@db-42 systemtap]# ps -ef |grep 27257 root 27257 27217 74 14:42 pts/6 00:00:14 dd if /dev/zero of /root/test.dat bs 4K count 10000000
——对于 block device的读写 如下:
[root@db-42 ~]# stat -c "0x%D" /dev/sda11 0x11 [root@db-42 ~]# fdisk -l Disk /dev/sda: 1798.6 GB, 1798651772928 bytes 47 heads, 36 sectors/track, 2076236 cylinders Units = cylinders of 1692 * 512 = 866304 bytes Device Boot Start End Blocks Id System /dev/sda1 * 1 242 204714 83 Linux /dev/sda2 243 161225 136191618 82 Linux swap / Solaris /dev/sda3 161226 223198 52429158 83 Linux /dev/sda4 223199 2076236 1567670148 5 Extended /dev/sda5 223199 247987 20971476 83 Linux /dev/sda6 247988 272776 20971476 83 Linux /dev/sda7 272777 390980 100000566 83 Linux /dev/sda8 390981 414068 19532430 83 Linux /dev/sda9 414069 437156 19532430 83 Linux /dev/sda10 437157 460244 19532430 83 Linux /dev/sda11 460245 483332 19532430 83 Linux
[root@db-42 ~]# more traceio2.stp
#! /usr/bin/env stap
global device_of_interest
probe begin {
/* The following is not the most efficient way to do this.
One could directly put the result of usrdev2kerndev()
into device_of_interest. However, want to test out
the other device functions */
dev = usrdev2kerndev($1)
device_of_interest = MKDEV(MAJOR(dev), MINOR(dev))
}
probe vfs.write, vfs.read
{
if (dev == device_of_interest)
printf ("%s(%d) %s 0x%x\n",
execname(), pid(), probefunc(), dev)
}[root@db-42 ~]# stap traceio2.stp 0x11 dd(30266) vfs_read 0x11 dd(30266) vfs_write 0x11 dd(30266) vfs_read 0x11 dd(30266) vfs_write 0x11 dd(30266) vfs_read 0x11 dd(30266) vfs_write 0x11 dd(30266) vfs_read 0x11 dd(30266) vfs_write 0x11 dd(30266) vfs_read 0x11 dd(30266) vfs_write 0x11 dd(30266) vfs_read 0x11 dd(30266) vfs_write 0x11 [oracle@db-42 ~]$ ps -ef |grep 30266 root 30266 27217 99 16:40 pts/6 00:00:32 dd if /dev/zero of /dev/sda11 bs 4K count 100000000
2.直接使用lsof
[root@db-42 ~]# lsof /root/test.dat [root@db-42 ~]# lsof /root/test.dat COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME dd 30756 root 1w REG 8,3 926494720 1831440 /root/test.dat [root@db-42 ~]# lsof /dev/sda sda sda1 sda10 sda11 sda2 sda3 sda4 sda5 sda6 sda7 sda8 sda9 [root@db-42 ~]# lsof /dev/sda11 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME dd 30761 root 1w BLK 8,11 4548595 /dev/sda11 [root@db-42 ~]# lsof version lsof: status error on version: No such file or directory lsof 4.78 latest revision: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/ latest FAQ: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/FAQ latest man page: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_man usage: [-?abhlnNoOPRstUvVX] [+|-c c] [+|-d s] [+D D] [+|-f] [-F [f]] [-g [s]] [-i [i]] [+|-L [l]] [+m [m]] [+|-M] [-o [o]] [-p s] [+|-r [t]] [-S [t]] [-T [t]] [-u s] [+|-w] [-x [fl]] [-Z [Z]] [--] [names] Use the ``-h'' option to get more help information.
