夜行人

我们在做服务器程序的时候，经常要知道一个请求的响应时间，借以优化或者定位问题。 通常的做法是在代码里面加入日志计算时间，这个方法有问题，时间不准确。因为数据从网卡到应用程序，从应用到网卡的时间没有被计算在内。 而且这个时间随着系统的负载有很大的变化。
那同学说，我wireshark, tcpdump抓包人肉统计不行吗。 可以的，只不过我会很同情你，此举需要耐心且不具可持续性。 所以我们希望有个工具能够最少费力的做这个事情。

这时候来自percona的tcprstat来救助了！ 这个工具原本开发用来调查mysqld的性能问题，所以不要奇怪它的默认端口是3306, 但是我们可以用这个工具来调查典型的request->response类型的服务器。

什么是tcprstat:

tcprstat is a free, open-source TCP analysis tool that watches network traffic and computes the delay between requests and responses. From this it derives response-time statistics and prints them out. The output is similar to other Unix -stat tools such as vmstat, iostat, and mpstat. The tool can optionally watch traffic to only a specified port, which makes it practical for timing requests and responses to a single daemon process such as mysqld, httpd, memcached, or any of a variety of other server processes.

文档很详细： 请参考： http://www.percona.com/docs/wiki/tcprstat:start

不愿意编译的同学直接从这里下载64位系统的编译好的二进制： http://github.com/downloads/Lowercases/tcprstat/tcprstat-static.v0.3.1.x86_64

源码编译也挺容易的： 由于它自带libpcap包， 这个包有可能在configure的时候没认识好netlink, 只要把config.h里面的netlink那个define注释掉就好。

编译好了， 典型使用很简单：

# tcprstat -p 3306 -t 1 -n 5
timestamp count max min avg med stddev 95_max 95_avg 95_std 99_max 99_avg 99_std
1283261499 1870 559009 39 883 153 13306 1267 201 150 6792 323 685
1283261500 1865 25704 29 578 142 2755 889 175 107 23630 333 1331
1283261501 1887 26908 33 583 148 2761 714 176 94 23391 339 1340
1283261502 2015 304965 35 624 151 7204 564 171 79 8615 237 507
1283261503 1650 289087 35 462 146 7133 834 184 120 3565 244 358

但是这个tcprstat在bonding的网卡下有点问题：

# /sbin/ifconfig
bond0 Link encap:Ethernet HWaddr A4:BA:DB:28:B5:AB
inet addr:10.232.31.19 Bcast:10.232.31.255 Mask:255.255.255.0
inet6 addr: fe80::a6ba:dbff:fe28:b5ab/64 Scope:Link
UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
RX packets:19451951688 errors:0 dropped:4512 overruns:0 frame:0
TX packets:26522074966 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6634368171533 (6.0 TiB) TX bytes:32576206882863 (29.6 TiB)
…
# tcprstat -p 3306 -t 1 -n 5
pcap: SIOCGIFFLAGS: bonding_masters: No such device

解决方案是:

# sudo tcprstat -p 3306 -t 1 -n 0 -l `/sbin/ifconfig | grep ‘addr:[^ ]\+’ -o | cut -f 2 -d : | xargs echo | sed -e ’s/ /,/g’`

在典型满负载的mysql服务器上抓包的开销是：

26163 root 18 0 104m 5304 4696 S 18.3 0.0 49:47.58 tcprstat

用IP方式，而不是网络接口方式搞定。

祝大家玩的开心。

转载自：http://rdc.taobao.com/blog/cs/?p=728

1) 检查当前僵尸进程信息

# ps -ef | grep defunct | grep -v grep | wc -l

175

# top | head -2

top - 15:05:54 up 97 days, 23:49, 4 users, load average: 0.66, 0.45, 0.39

Tasks: 829 total, 1 running, 479 sleeping, 174 stopped, 175 zombie

# ps -ef | grep defunct | grep -v grep

2) 获得杀僵尸进程语句

# ps -ef | grep defunct | grep -v grep | awk '{print "kill -9 " $2,$3}'

执行上面获得的语句即可, 使用信号量9, 僵尸进程数会大大减少.

3) 过一会儿检查当前僵尸进程信息

# ps -ef | grep defunct | grep -v grep | wc -l

125

# top | head -2

top - 15:29:26 up 98 days, 12 min, 7 users, load average: 0.27, 0.54, 0.56

Tasks: 632 total, 1 running, 381 sleeping, 125 stopped, 125 zombie

发现僵尸进程数减少了一些, 但还有不少啊.

4) 再次获得杀僵尸进程语句

# ps -ef | grep defunct | grep -v grep | awk '{print "kill -18 " $3}'

执行上面获得的语句即可, 这次使用信号量18杀其父进程, 僵尸进程应该会全部消失.

5) 过一会儿再检查当前僵尸进程信息

# ps -ef | grep defunct | grep -v grep | wc -l

0

# top | head -2

top - 15:39:46 up 98 days, 23 min, 7 users, load average: 5.46, 2.20, 1.12

Tasks: 134 total, 1 running, 133 sleeping, 0 stopped, 0 zombie

6) 清除ZOMBIE(僵尸)进程原理

# kill -18 PPID

PPID是其父进程, 这个信号是告诉父进程, 该子进程已经死亡了, 请收回分配给他的资源. 如果还不行则看先看其父进程又无其他子进程, 如果有, 可能需要先kill其他子进程, 也就是兄弟进程.

方法是:

# kill -15 PID1 PID2

PID1,PID2是僵尸进程的父进程的其它子进程.

然后再kill父进程:

# kill -15 PPID

--End--

An inode identifies the file and its attributes such as file size, owner, and so on. A unique inode number within the file system identifies each inode. But, why to delete file by an inode number? Sure, you can use rm command to delete file. Sometime accidentally you creates filename with control characters or characters which are unable to be input on a keyboard or special character such as ?, * ^ etc. Removing such special character filenames can be problem. Use following method to delete a file with strange characters in its name:

Please note that the procedure outlined below works with Solaris, FreeBSD, Linux, or any other Unixish oses out there:

Find out file inode
First find out file inode number with any one of the following command:

stat {file-name}

OR

ls -il {file-name}

Use find command to remove file:
Use find command as follows to find and remove a file:

find . -inum [inode-number] -exec rm -i {} \;

When prompted for confirmation, press Y to confirm removal of the file.

Delete or remove files with inode number
Let us try to delete file using inode number.

(a) Create a hard to delete file name:
$ cd /tmp
$ touch "\+Xy \+\8"
$ ls
(b) Try to remove this file with rm command:
$ rm \+Xy \+\8

(c) Remove file by an inode number, but first find out the file inode number:
$ ls -ilOutput:

781956 drwx------ 3 viv viv 4096 2006-01-27 15:05 gconfd-viv
781964 drwx------ 2 viv viv 4096 2006-01-27 15:05 keyring-pKracm
782049 srwxr-xr-x 1 viv viv 0 2006-01-27 15:05 mapping-viv
781939 drwx------ 2 viv viv 4096 2006-01-27 15:31 orbit-viv
781922 drwx------ 2 viv viv 4096 2006-01-27 15:05 ssh-cnaOtj4013
781882 drwx------ 2 viv viv 4096 2006-01-27 15:05 ssh-SsCkUW4013
782263 -rw-r--r-- 1 viv viv 0 2006-01-27 15:49 \+Xy \+\8Note: 782263 is inode number.

(d) Use find command to delete file by inode:
Find and remove file using find command, type the command as follows:
$ find . -inum 782263 -exec rm -i {} \;
Note you can also use add \ character before special character in filename to remove it directly so the command would be:
$ rm "\+Xy \+\8"
If you have file like name like name "2005/12/31" then no UNIX or Linux command can delete this file by name. Only method to delete such file is delete file by an inode number. Linux or UNIX never allows creating filename like 2005/12/31 but if you are using NFS from MAC OS or Windows then it is possible to create a such file.

转载自：http://www.cyberciti.biz/tips/delete-remove-files-with-inode-number.html

Recently we had lot of discussion regarding this issue. How to remove files securely so that it cannot be undeleted. Peter Gutmann paper "Secure Deletion of Data from Magnetic and Solid-State Memory" has very good information. Here are some commands/tools available under Debian GNU/Linux (it should work with other Linux distributions) to delete file securely.

srm: Securely remove files or directories
This command is a replacement for rm command. It works under Linux/BSD/UNIX-like OSes. It removes each specified file by overwriting, renaming, and truncating it before unlinking. This prevents other people from undelete or recovering any information about the file from the command line. Because it does lots of operation on file/directory for secure deletion, it also takes lot of time to remove it. Download srm from http://sourceforge.net/projects/srm (RPM file is also available for RPM based Linux distributions)

i) Untar and install the srm:

# ./configure
# make
# make install ii) How to use srm?
srm syntax is like rm command. Read man srm. Here is simple example:

$ srm privateinfo.docwipe: It is a secure file wiping utility
Download wipe from http://wipe.sourceforge.net/
i) Untar and install the wipe

# ./configure
# make
# make installii) How to use wipe?

$ wipe filenameRead man page of wipe for information.

shred: Delete a file securely, first overwriting it to hide its contents.
It is available on most of Linux distributions including Debian GNU/Linux. To remove file called personalinfo.tar.gz :

$ shred -n 200 -z -u personalinfo.tar.gzWhere,

-n: Overwrite N (200) times instead of the default (25)
-z: Add a final overwrite with zeros to hide shreddin
-u: Truncate and remove file after overwriting
Read the man page of shred(1) for more information. Most of these utilities are not effective (read as useless) only if :

File system is log-structured or journaled filesystems, such as JFS, ReiserFS, XFS, Ext3 etc
Your filesystems is RAID-based, compressed filesystem etc
In addition, file system backups and remote mirrors may contain copies of the file that cannot be removed by these utilities.
See also:

Delete (remove) files with inode number - to remove special character filename

转载自：http://www.cyberciti.biz/tips/linux-how-to-delete-file-securely.html

1. Linux Server's IP:192.168.1.100

2. Install Desktop Enviroment on server

2.1 List software group
yum grouplist

2.2 Install Gnome
yum groupinstall "GNOME Desktop Environment"

2.3 The server can run in level 3 or level 5.By default,OPENSSH enable X11 forward,make sure your /etc/ssh/sshd_config on "X11 forward" look like

X11Forwarding yes

3. Configure Linux client which must run in level 5

3.1 login in the server
[root@client ~]# ssh -X username@192.168.1.100

the output should contain DISPLAY
[root@server_192.168.1.100 ~]# env |grep -i DISPLAY
DISPLAY=localhost:10.0

[root@server_192.168.1.100 ~]# xclock

If you can see a clock,it means that the X11 forward is successful.

4. Configure Windows client
4.1 Install X server : Xming and launch it.
4.2 Install a ssh client,such as SecureCRT,putty.
4.3 Configure SecureCRT
Options--Session Options--Connection--Port Forward--Remote/X11
enable Forward X11 packets,click ok,Connect to the server 192.168.1.100,after login in,also type "env |grep -i DISPLAY" to make sure the desktop enviroment is ok.

type xclock,you will see a clock.