A script to collect snoop/tcpdump on Linux/Solaris Servers in case of segmentation fault ?

We faced a strange issue where a segmentation fault occurs randomly on server and there are no logs captured on server to analyze the issue.

In this situation, we got stuck with no way forward.

Hence i have created a script to capture a snoop trace on solaris host, and tcpdump on linux host to capture the network behavior to know the abnormalities with the particular process or application while interacting with network elements.

Here is the script:


#!/bin/bash
before_attribute_data="/var/tmp/before_dump.txt"
after_attribute_data="/var/tmp/after_dump.txt"
LOGFILE="/var/tmp/dump_sub_logfile.txt"
ROOTMAIL="/var/mail/root"                                                               ### solaris mail file
SNOOPEXISTS="/var/tmp/snooppid.txt"
SNOOPOUTPUT="/var/tmp/snoop_dump.pcap"
snooppid=`ps -ef|grep -i "$SNOOPOUTPUT"|grep -v grep|awk '{print $2}'`

###### Verify if fault occurred by checking command: ls -l /var/tmp/snooppid.txt; if file exists, share the below files.
###### Provide files /var/tmp/before_dump.txt, /var/tmp/after_dump.txt and the snoop file /var/tmp/snoop_dump.pcap for analysis.

          
if [ `cat $ROOTMAIL | grep -i 'Segmentation Fault' | wc -l` -gt 0  ]; then
        if [ ! -f \"$SNOOPEXISTS\" ]; then
        ### do action if fault occurs like sendmail, etc
        echo $snooppid >> $SNOOPEXISTS
			if [ ! -z "$snooppid" ]; then 
			kill -9 $snooppid
			fi
        ttIsql -connStr dsn=sdp_db -v 1  -e " select * from offer_attribute; exit;" > $after_attribute_data
        fi
else
#### Here we will collect snoop if required, snoop is not collected yet.
        if [ ! -f \"$SNOOPEXISTS\" ]; then
			if [ ! -z "$snooppid" ]; then 
			kill -9 $snooppid
			fi
        rm -rf $SNOOPOUTPUT;
        snoop -o $SNOOPOUTPUT 2>> $LOGFILE &
        ttIsql -connStr dsn=sdp_db -v 1  -e " select * from offer_attribute; exit;" > $before_attribute_data
        fi
fi  

Please let me know if you are able to successfully schedule the script on your servers as well…

Also in case of Linux servers, we need to replace snoop with tcpdump command.

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments