суббота, 20 октября 2018 г.

What is my sftp server doing?

Well, I'm not familiar with DTrace, but sometimes want to find, what some application is doing. In this case I wanted to monitor my sftp server. Luckily, most illumos distributions provide dtrace patch (coming from Oracle Solaris) to find this out. Unluckily, I haven't found any documentation on it, just source code. After reading Translators chapter of DTrace Guide and looking at /usr/lib/dtrace/sftp.d I've come to this:
dtrace -n 'sftp*:::transfer-done { printf ("%d: %s %s %s %d", pid, xlate <sftpinfo_t *>((sftpproto_t*)arg0)->sfi_pathname, xlate <sftpinfo_t *>((sftpproto_t*)arg0)->sfi_user, xlate <sftpinfo_t *>((sftpproto_t*)arg0)->sfi_operation, xlate <sftpinfo_t *>((sftpproto_t*)arg0)->sfi_nbytes  ); }'

dtrace: description 'sftp*:::transfer-done ' matched 8 probes
CPU     ID                    FUNCTION:NAME
  1  80412      process_read:transfer-done 7409: /export/home/user/1.pp user read 1808
  1  80412      process_read:transfer-done 7409: /export/home/user/1.pp user read 0
  1  80411     process_write:transfer-done 7409: /export/home/user/1.pp user write 1808
  1  80412      process_read:transfer-done 7409: /export/home/user/dtrace/poll.d user read 53
  1  80412      process_read:transfer-done 7409: /export/home/user/dtrace/poll.d user read 53

Seems rather interesting to me.