awk examples
cat 03092608.LOG|grep XYZ|awk -F”.” ‘{print $2}’ |sort|awk ‘{tot += 1 } $1 != prev {print prev,tot;tot=0;prev=$1}END{print prev,tot;tot=0;prev=$1}’
adhocs
1. find_processes_using_ipcs.ksh
ipcs -bop|grep `whoami`|awk ‘{print $10}’|egrep -v “^0|^$”|sort -u|awk ‘{print “ps -ef|grep “, $1}’|ksh
2. iostat
iostat -xn 4 30
3. jmap
jmap -heap:format=b <pid>
4. monitorMemLeaking
if [ $# -lt 1 ]
then
echo “Usage: $0 [pid]”
exit
fi
PID=$1
while true
do
vsz1=`ps -eo vsz,rss,pid|grep “$PID$” |awk ‘{print $2}’`
rss1=`ps -eo vsz,rss,pid|grep “$PID$” |awk ‘{print $3}’`
echo “vsz1=$vsz1, rss1=$rss1… wait for 5 mins\n”
sleep 300
vsz2=`ps -eo vsz,rss,pid|grep “$PID$” |awk ‘{print $2}’`
rss2=`ps -eo vsz,rss,pid|grep “$PID$” |awk ‘{print $3}’`
echo “vsz2=$vsz2, rss2=$rss2\n”
let vszLeakingRate=”(${vsz2} – ${vsz1}) / 5″
let rssLeakingRate=”(${rss2} – ${rss1}) / 5″
echo “PID=$PID, vszLeakingRate = $vszLeakingRate (KB)/ per min, rssLeakingRate=$rssLeakingRate (KB)/per min\n\n”
done
5. port_check.ksh
#!/usr/bin/ksh
#If lsof or nmap is available, we might be able to do this easily
echo “which port?>\c “
read port
#for pid in `ps -ef -o pid | tail +2`
#do
#foundport=`/usr/bin/pfiles $pid 2>&1 | grep “sockname:” | grep “port: $port$”`
#if [ “$foundport” != “” ]
#then
# echo “proc: $pid, $foundport”
#fi
#done
#
echo “Going to find out which process is using port: $port”
ps -ef|grep `whoami`|grep -v grep|awk ‘{print $2}’|while read i
do
# check=`pfiles $i 2>&-|grep “sockname:” | grep “port:” | grep $port$”`
check=`pfiles $i 2>&-| grep $port$”`
echo “$check.\c”
if [ ! -z “${check}” ]
then
print “\n”
print “The port number $port used by process ID=$i”
#break
fi
check=””
done
exit
6. Difference between SIZE and RSS of a process?
The basic difference is that SIZE represents the total address space size of a process, while RSS is the actual physical memory currently occupied by pages belonging to that process (roughly speaking). Regions of an address space mapped to something don’t necessarily occupy any RAM.
7. RSS_vs_real_memory.txt
Using the ps command it is possible to look at the resident set size (rss) parameter of each process… it is my understanding that the value of rss indicates how much real memory the process is using… if i sum up all of the rss values for each process, i sometimes find that the sum is greater than the available real memory installed in the system…
The non-modifiable parts (the compiled code & const data) of shared libraries & ELF binaries are only loaed into memory once and those are shared among all the processes. The modifiable parts (non-const data, etc.) are copied into each processes’s address space.
/usr/proc/bin/pmap -x will show you how much is shared and how much is not.
8. vmstat
The “free” column tells you how much real memory is *not* being used. That’s usually more important — if that gets low, then you need more memory. And if it’s always very high, you could be wasting memory. The “top” command also shows this information.
The problem with top and vmstat is that they do not account for the real memory that the OS keeps cached. Memory that the OS caches looks to these programs like active memory. In a sense it is active memory since the OS is hanging on to it waiting for new requests… but, it is deceptive since the memory is actually available for use…
Also, just because free memory may be reported as low on a system does not necessarily indicate that the machine needs more memory… other things such as heavy paging and the scanner running often are better indicators that there is not enough real memory… this is due to the OS caching mentioned above… the system may seem low on memory but the OS is holding onto blocks of memory that are actually available for use by processes
9. socket-status.txt
State Description
LISTEN accepting connections
ESTABLISHED connection up and passing data
SYN_SENT TCP; session has been requested by us; waiting for reply from remote endpoint
SYN_RECV TCP; session has been requested by a remote endpoint for a socket on which we were listening
LAST_ACK TCP; our socket is closed; remote endpoint has also shut down; we are waiting for a final acknowledgement
CLOSE_WAIT TCP; remote endpoint has shut down; the kernel is waiting for the application to close the socket
TIME_WAIT TCP; socket is waiting after closing for any packets left on the network
CLOSED socket is not being used (FIXME. What does mean?)
CLOSING TCP; our socket is shut down; remote endpoint is shut down; not all data has been sent
FIN_WAIT1 TCP; our socket has closed; we are in the process of tearing down the connection
FIN_WAIT2 TCP; the connection has been closed; our socket is waiting for the remote endpoint to shut down
10. ssh setup
ssh-keygen generate 2 files which go hand-in-hand. The private key file (id_rsa) should reside on my $HOME/.ssh, in order to encrypt things; the putlib key file(id_rsa.pub) should be appended in remote host at its $HOME/.ssh/authorized_keys file.
When I ssh to remote host, remote host’s daemon (sshd) will decrypt my logon using the public key from $HOME/.ssh/authorized_keys file. This will allow me
to logon without prompting for password.
This is the logic:
1)ssh remoteHost
2)ssh look at $HOME/.ssh/id_rsa and also $HOME/.ssh/known_hosts
create request and send to remoteHost
3)remoteHost will look at its $HOME/.ssh/authorized_keys and if it does see one entry
which is able to decipher the request, connect is OK
4)ssh on the originating host will put an entry to $HOME/.ssh/known_hosts if it’s not there
11. ucbps
#Long form of ps command
/usr/ucb/ps -auxww
12. who_did_what
#!/bin/ksh
#
#####
STRING1=$1
STRING2=$2
STDOUT=/tmp/stdout.out
echo “” > $STDOUT
cd $HOME
#for i in `ls $HOME/.history.[a-z]*`
for i in `ls .history.[a-z]*`
do
if (( `strings $i | grep -i $STRING1 | grep -i $STRING2 | wc -l` > “0” ))
then
echo ” ## `ls $i` ## ” # >> $STDOUT
strings $i | grep -i $STRING1 | grep -i $STRING2 # >> $STDOUT
fi
done
Recent Comments