You are here

alp's notes - Alexander Pyhalov

Subscribe to alp's notes - Alexander Pyhalov feed
Updated: 2 weeks 11 hours ago

What is my sftp server doing?

Sat, 10/20/2018 - 22:28
Well, I'm not familiar with DTrace, but sometimes want to find, what some application is doing. In this case I wanted to monitor my sftp server. Luckily, most illumos distributions provide dtrace patch (coming from Oracle Solaris) to find this out. Unluckily, I haven't found any documentation on it, just source code. After reading Translators chapter of DTrace Guide and looking at /usr/lib/dtrace/sftp.d I've come to this:
dtrace -n 'sftp*:::transfer-done { printf ("%d: %s %s %s %d", pid, xlate <sftpinfo_t *>((sftpproto_t*)arg0)->sfi_pathname, xlate <sftpinfo_t *>((sftpproto_t*)arg0)->sfi_user, xlate <sftpinfo_t *>((sftpproto_t*)arg0)->sfi_operation, xlate <sftpinfo_t *>((sftpproto_t*)arg0)->sfi_nbytes ); }'

dtrace: description 'sftp*:::transfer-done ' matched 8 probes
CPU ID FUNCTION:NAME
1 80412 process_read:transfer-done 7409: /export/home/user/1.pp user read 1808
1 80412 process_read:transfer-done 7409: /export/home/user/1.pp user read 0
1 80411 process_write:transfer-done 7409: /export/home/user/1.pp user write 1808
1 80412 process_read:transfer-done 7409: /export/home/user/dtrace/poll.d user read 53
1 80412 process_read:transfer-done 7409: /export/home/user/dtrace/poll.d user read 53

Seems rather interesting to me.
Categories: OpenIndiana