In addition to the native OS-level utilities, we can also turn to OSWatcher to help with investigations that need previously collected indicators such as CPU, memory, I/O and network. The tool collects these periodically and persists the information to files that can be analyzed later. In this article we follow the procedure described in the Oracle Notes “Oracle Linux: How to Install and Configure OSWatcher Using RPM (Doc ID 2560609.1)” and “OS Watcher User’s Guide (Doc ID 1531223.1)”.
Lab environment:
[root@oel7 ~]# cat /etc/*release*
Oracle Linux Server release 7.7
NAME="Oracle Linux Server"
VERSION="7.7"
ID="ol"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="7.7"
PRETTY_NAME="Oracle Linux Server 7.7"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:oracle:linux:7:7:server"
HOME_URL="https://linux.oracle.com/"
BUG_REPORT_URL="https://bugzilla.oracle.com/"
ORACLE_BUGZILLA_PRODUCT="Oracle Linux 7"
ORACLE_BUGZILLA_PRODUCT_VERSION=7.7
ORACLE_SUPPORT_PRODUCT="Oracle Linux"
ORACLE_SUPPORT_PRODUCT_VERSION=7.7
Red Hat Enterprise Linux Server release 7.7 (Maipo)
Oracle Linux Server release 7.7
cpe:/o:oracle:linux:7:7:server
[root@oel7 ~]#
Installing the package:
[root@oel7 etc]# wget https://yum.oracle.com/repo/OracleLinux/OL7/addons/x86_64/getPackage/oswatcher-9.0.0-5.el7.noarch.rpm
--2023-01-16 19:22:17-- https://yum.oracle.com/repo/OracleLinux/OL7/addons/x86_64/getPackage/oswatcher-9.0.0-5.el7.noarch.rpm
Resolving yum.oracle.com (yum.oracle.com)... 104.83.13.243, 2a02:26f0:dd:181::2a7d, 2a02:26f0:dd:19d::2a7d
Connecting to yum.oracle.com (yum.oracle.com)|104.83.13.243|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 53280 (52K) [application/x-rpm]
Saving to: ‘oswatcher-9.0.0-5.el7.noarch.rpm’
100%[============================================================================================>] 53,280 191KB/s in 0.3s
2023-01-16 19:22:21 (191 KB/s) - ‘oswatcher-9.0.0-5.el7.noarch.rpm’ saved [53280/53280]
[root@oel7 etc]#
[root@oel7 etc]# ll *osw*
-rw-r--r--. 1 root root 53280 Sep 8 2021 oswatcher-9.0.0-5.el7.noarch.rpm
[root@oel7 etc]# yum install oswatcher-9.0.0-5.el7.noarch.rpm
Loaded plugins: langpacks, ulninfo
Examining oswatcher-9.0.0-5.el7.noarch.rpm: oswatcher-9.0.0-5.el7.noarch
Marking oswatcher-9.0.0-5.el7.noarch.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package oswatcher.noarch 0:9.0.0-5.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
======================================================================================================================================
Package Arch Version Repository Size
======================================================================================================================================
Installing:
oswatcher noarch 9.0.0-5.el7 /oswatcher-9.0.0-5.el7.noarch 234 k
Transaction Summary
======================================================================================================================================
Install 1 Package
Total size: 234 k
Installed size: 234 k
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Warning: RPMDB altered outside of yum.
Installing : oswatcher-9.0.0-5.el7.noarch 1/1
Verifying : oswatcher-9.0.0-5.el7.noarch 1/1
Installed:
oswatcher.noarch 0:9.0.0-5.el7
Complete!
[root@oel7 etc]#
Editing the configuration file (since this is only a lab, I set a short retention period):
[root@oel7 etc]# cat /etc/sysconfig/oswatcher
# The directory where oswatcher logs should be kept
DATADIR=/var/log/oswatcher
# The interval (in seconds) between runs runs of statistics collections
INTERVAL=30
# The maximum age (in hours) of the various log files
MAXAGE=4
# An optional program used to compress the log files
ZIP=gzip
[root@oel7 etc]#
Starting the service:
[root@oel7 etc]# systemctl start oswatcher
[root@oel7 etc]# systemctl status oswatcher
● oswatcher.service - OSWatcher:set of scripts used to periodically collect OS and network metrics.
Loaded: loaded (/usr/lib/systemd/system/oswatcher.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2023-01-16 19:28:35 -03; 5s ago
Main PID: 31518 (OSWatcher)
Tasks: 2
CGroup: /system.slice/oswatcher.service
├─31518 /bin/sh /usr/sbin/OSWatcher 30 4 gzip /var/log/oswatcher
└─31594 mpstat -P ALL 1 2
Jan 16 19:28:35 oel7.localdomain systemd[1]: Started OSWatcher:set of scripts used to periodically collect OS and network metrics..
Jan 16 19:28:35 oel7.localdomain OSWatcher[31518]: Info...Zip option IS specified.
Jan 16 19:28:35 oel7.localdomain OSWatcher[31518]: Info...OSW will use gzip to compress files.
Jan 16 19:28:35 oel7.localdomain OSWatcher[31518]: Changing current working directory to /var/log/oswatcher
[root@oel7 etc]#
The layout of the folders that will hold the collected files is already visible:
[root@oel7 etc]# cd /var/log/oswatcher
[root@oel7 oswatcher]# ll
total 8
drwxr-xr-x. 21 root root 4096 Jan 16 19:28 archive
drwxr-xr-x. 2 root root 103 Jan 16 19:32 locks
-rw-r--r--. 1 root root 1303 Jan 16 19:32 log
drwxr-xr-x. 2 root root 38 Jan 16 19:32 tmp
[root@oel7 oswatcher]# cd archive/
[root@oel7 archive]# ll
total 0
drwxr-xr-x. 2 root root 52 Jan 16 19:28 oswarp
drwxr-xr-x. 2 root root 58 Jan 16 19:28 oswbuddyinfo
drwxr-xr-x. 2 root root 104 Jan 16 19:28 oswcpuinfo
drwxr-xr-x. 2 root root 57 Jan 16 19:28 oswifconfig
drwxr-xr-x. 2 root root 55 Jan 16 19:28 oswiostat
drwxr-xr-x. 2 root root 56 Jan 16 19:28 oswmeminfo
drwxr-xr-x. 2 root root 55 Jan 16 19:28 oswmpstat
drwxr-xr-x. 2 root root 56 Jan 16 19:28 oswnetstat
drwxr-xr-x. 2 root root 58 Jan 16 19:28 oswnfsiostat
drwxr-xr-x. 2 root root 6 Jan 16 19:28 oswnumastat
drwxr-xr-x. 2 root root 57 Jan 16 19:28 oswpagetype
drwxr-xr-x. 2 root root 56 Jan 16 19:28 oswpidstat
drwxr-xr-x. 2 root root 6 Jan 16 19:28 oswprvtnet
drwxr-xr-x. 2 root root 51 Jan 16 19:28 oswps
drwxr-xr-x. 2 root root 57 Jan 16 19:28 oswslabinfo
drwxr-xr-x. 2 root root 52 Jan 16 19:28 oswtop
drwxr-xr-x. 2 root root 55 Jan 16 19:28 oswvmstat
drwxr-xr-x. 2 root root 6 Jan 16 19:28 oswxentop
drwxr-xr-x. 2 root root 57 Jan 16 19:28 oswzoneinfo
[root@oel7 archive]#
Inside the oswtop folder, we can see that the file is modified from time to time, according to the interval defined in the configuration file:
[root@oel7 archive]# cd oswtop
[root@oel7 oswtop]# ll
total 60
-rw-r--r--. 1 root root 57859 Jan 16 19:35 oel7.localdomain_top_23.01.16.1900.dat
[root@oel7 oswtop]# date
Mon Jan 16 19:36:15 -03 2023
[root@oel7 oswtop]# ll
total 60
-rw-r--r--. 1 root root 57859 Jan 16 19:35 oel7.localdomain_top_23.01.16.1900.dat
[root@oel7 oswtop]# ll
total 60
-rw-r--r--. 1 root root 57859 Jan 16 19:35 oel7.localdomain_top_23.01.16.1900.dat
[root@oel7 oswtop]# ll
total 60
-rw-r--r--. 1 root root 57859 Jan 16 19:35 oel7.localdomain_top_23.01.16.1900.dat
[root@oel7 oswtop]# ll
total 60
-rw-r--r--. 1 root root 57895 Jan 16 19:36 oel7.localdomain_top_23.01.16.1900.dat
The content of this file, for example, is the output of the top command:
zzz ***Mon Jan 16 19:38:23 -03 2023
Tasks: 383 total, 1 running, 297 sleeping, 0 stopped, 0 zombie
%Cpu(s): 1.3 us, 1.6 sy, 0.0 ni, 96.9 id, 0.0 wa, 0.0 hi, 0.2 si, 0.0 st
KiB Mem : 16150712 total, 8465304 free, 1526056 used, 6159352 buff/cache
KiB Swap: 1261564 total, 1261564 free, 0 used. 11256316 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
5726 root 20 0 110256 2708 1964 S 6.7 0.0 0:00.15 pidstat
5749 root 20 0 163740 4644 3744 R 3.8 0.0 0:00.08 top
2965 grid 20 0 2574652 113756 67544 S 1.0 0.7 2:13.37 ohasd.bin
3375 grid 20 0 1042240 42164 30300 S 1.0 0.3 1:09.50 cssdagent
3642 grid -2 0 1554232 64464 61232 S 1.0 0.4 3:03.47 asm_vktm_++
3762 oracle -2 0 2983032 60736 57468 S 1.0 0.4 3:04.12 ora_vktm_c+
16225 root 20 0 115164 3468 2832 S 1.0 0.0 0:06.29 bash
1 root 20 0 194096 8876 5808 S 0.0 0.1 0:09.79 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.02 kthreadd
4 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 kworker/0:+
6 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 mm_percpu_+
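Each collection in the oswtop file starts with a `zzz ***<date>` marker line, so the archive can be split back into snapshots when reviewing what was running at a given time. The Python code below is an added example, not part of the original article or of OSWatcher itself; the function names and the `example_proc` row are hypothetical, and the sample text is constructed in the layout shown above.

```python
import gzip

# Constructed sample in the layout shown above; the second snapshot and its
# "example_proc" row are made up so the example runs without a real archive.
SAMPLE = """\
zzz ***Mon Jan 16 19:38:23 -03 2023
Tasks: 383 total,   1 running, 297 sleeping,   0 stopped,   0 zombie

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
 5726 root      20   0  110256   2708   1964 S   6.7  0.0   0:00.15 pidstat
 3642 grid      -2   0 1554232  64464  61232 S   1.0  0.4   3:03.47 asm_vktm_++
zzz ***Mon Jan 16 19:38:53 -03 2023
  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
 9001 oracle    20   0 2983032  60736  57468 R  87.5  0.4   0:41.02 example_proc
 5749 root      20   0  163740   4644   3744 R   3.8  0.0   0:00.08 top
"""

def read_archive(path):
    """Return the text of an oswtop file, plain or compressed by ZIP=gzip."""
    opener = gzip.open if path.endswith(".gz") else open
    with opener(path, "rt", errors="replace") as fh:
        return fh.read()

def parse_oswtop(text):
    """Split on the 'zzz ***<date>' markers; return [(timestamp, [row, ...])]."""
    snapshots, rows, in_table = [], [], False
    for line in text.splitlines():
        if line.startswith("zzz ***"):
            rows, in_table = [], False    # new snapshot, header not seen yet
            snapshots.append((line[len("zzz ***"):].strip(), rows))
        elif line.split()[:2] == ["PID", "USER"]:
            in_table = True               # process rows follow this header
        elif in_table:
            f = line.split(None, 11)      # 12 top columns; COMMAND is the last
            if len(f) == 12 and f[0].isdigit():
                rows.append({"pid": int(f[0]), "user": f[1],
                             "cpu": float(f[8].replace(",", ".")),
                             "command": f[11].strip()})
    return snapshots

def busy_processes(snapshots, min_cpu=50.0):
    """List (timestamp, pid, user, cpu, command) for rows at or above min_cpu."""
    return [(ts, r["pid"], r["user"], r["cpu"], r["command"])
            for ts, rows in snapshots for r in rows if r["cpu"] >= min_cpu]

if __name__ == "__main__":
    for hit in busy_processes(parse_oswtop(SAMPLE)):
        print(hit)
```

For a real archive, pass `read_archive()` the path of a `.dat` or `.dat.gz` file under `/var/log/oswatcher/archive/oswtop` and feed the result to `parse_oswtop()`.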