A script to collect snoop/tcpdump on Linux/Solaris servers in case of a segmentation fault

We faced a strange issue where a segmentation fault occurred randomly on a server, and no logs were captured on the server to analyze the issue.

In this situation, we got stuck with no way forward.

Hence I created a script that captures a snoop trace on a Solaris host, or a tcpdump trace on a Linux host, so that we can see the network behavior and spot abnormalities in how the particular process or application interacts with network elements.

Here is the script:

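#!/bin/sh
ROOTMAIL="/var/mail/root"                         ### solaris mail file
SNOOPOUTPUT="/var/tmp/snoop_dump.pcap"            ### snoop capture file (path from the comments below)
SNOOPEXISTS="/var/tmp/snooppid.txt"               ### marker file, created once the fault has been seen
before_attribute_data="/var/tmp/before_dump.txt"  ### table dump taken each time a capture starts
after_attribute_data="/var/tmp/after_dump.txt"    ### table dump taken after the fault
LOGFILE="/var/tmp/snoop_capture.log"              ### assumed path; LOGFILE is not defined in the original post
snooppid=`ps -ef|grep -i "$SNOOPOUTPUT"|grep -v grep|awk '{print $2}'`

###### Verify if fault occurred by checking command: ls -l /var/tmp/snooppid.txt; if file exists, share the below files.
###### Provide files /var/tmp/before_dump.txt, /var/tmp/after_dump.txt and the snoop file /var/tmp/snoop_dump.pcap for analysis.

if [ `cat $ROOTMAIL | grep -i 'Segmentation Fault' | wc -l` -gt 0  ]; then
        if [ ! -f "$SNOOPEXISTS" ]; then
                ### do action if fault occurs like sendmail, etc
                echo $snooppid >> $SNOOPEXISTS
                if [ ! -z "$snooppid" ]; then
                        kill -9 $snooppid
                fi
                ttIsql -connStr dsn=sdp_db -v 1  -e " select * from offer_attribute; exit;" > $after_attribute_data
        fi
fi
#### Here we will collect snoop if required, snoop is not collected yet.
#### Once the marker file exists this block is skipped, so the capture covering the fault is kept.
if [ ! -f "$SNOOPEXISTS" ]; then
        if [ ! -z "$snooppid" ]; then
                kill -9 $snooppid
        fi
        rm -rf $SNOOPOUTPUT;
        snoop -o $SNOOPOUTPUT 2>> $LOGFILE &
        ttIsql -connStr dsn=sdp_db -v 1  -e " select * from offer_attribute; exit;" > $before_attribute_data
fi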

Please let me know if you are able to successfully schedule the script on your servers as well…

Also, on Linux servers, we need to replace the snoop command with tcpdump.
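
The Linux variant mentioned above could look like the following. This is an added example, not the author's script: the file names under /var/tmp, the pid file, the `run` argument and the file searched for the fault text are all assumptions. It tracks tcpdump by pid file instead of `ps | grep`, stops it with a plain SIGTERM, and keeps the capture readable by root only.

```shell
#!/bin/sh
# Added example: Linux/tcpdump variant of the cron job. Not the author's script.
# All paths below, and the file searched for the fault text, are assumptions.
umask 077                                    # captures hold payloads: root-only
STATE_DIR="${STATE_DIR:-/var/tmp}"
PCAP="$STATE_DIR/tcpdump_dump.pcap"
MARKER="$STATE_DIR/tcpdump_fault.marker"     # exists once a fault was handled
PIDFILE="$STATE_DIR/tcpdump.pid"
FAULT_SOURCE="${FAULT_SOURCE:-/var/mail/root}"
# -U writes each packet to the file as it arrives, so little is lost on stop
CAPTURE_CMD="${CAPTURE_CMD:-tcpdump -U -n -i any -w}"

stop_capture() {
    [ -f "$PIDFILE" ] || return 0
    pid=`cat "$PIDFILE"`
    # plain SIGTERM lets tcpdump close the pcap cleanly
    kill "$pid" 2>/dev/null || true
    rm -f "$PIDFILE"
}

start_capture() {
    rm -f "$PCAP"
    $CAPTURE_CMD "$PCAP" >/dev/null 2>&1 &
    echo $! > "$PIDFILE"
}

# One scheduled run. Prints the action taken: preserved, frozen or rotated.
capture_step() {
    if [ -f "$MARKER" ]; then
        echo preserved          # fault already handled: leave the evidence alone
    elif grep -qi 'segmentation fault' "$FAULT_SOURCE" 2>/dev/null; then
        stop_capture            # keep the pcap that covers the fault
        date > "$MARKER"
        echo frozen
    else
        stop_capture            # no fault yet: discard and start a fresh capture
        start_capture
        echo rotated
    fi
}

# Schedule as "<script> run"; without the argument only the functions are defined.
if [ "${1:-}" = run ]; then
    capture_step
fi
```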
