Home
Stana Project (STrace ANAlyser) is a Python-based tool that parses the output of Linux strace and produces analysis and statistics through various plugins. Its primary objective is to help Linux system support staff, who receive strace output files from clients, analyse that output for information.
For a quick demo, download or check out the code and run it as follows. StatProcessTree is the name of a plugin that parses the strace file for clone(2) and execve(2) syscalls and sorts out the fork tree of the process.
# ./strace_analyser -e StatProcessTree test/stardict.out
====== Process Tree ======
6498 ["/usr/bin/stardict"]
6501 ["/usr/bin/stardict"]
6502 ["/usr/bin/stardict"]
6503 ["/bin/sh"]
6504 ["/usr/bin/man"]
6505 ["/usr/bin/stardict"]
6506 ["/usr/bin/stardict"]
6507 ["/usr/bin/stardict"]
6508 ["/usr/bin/stardict"]
6509 ["/bin/sh"]
6510 ["/usr/bin/man"]
6511 ["/usr/bin/stardict"]
6513 ["/bin/sh"]
6514 ["/usr/bin/man"]
6515 ["/usr/bin/stardict"]
6516 ["/usr/bin/stardict"]
6517 ["/bin/sh"]
6518 ["/usr/bin/man"]
Other than sorting out the fork tree, Stana has other plugins that perform different functions. For a list of current plugins, run:
# ./strace_analyser -l
Currently it has the following plugins:
- StatProcessTree : Summarize the process fork tree from the strace file
- StatFileIO : Summarize file IO (file name, read/write bytes, etc) from the strace output
- StatLastSyscall : Find the last unfinished syscall of processes
- StatFutex : Get futex related info
(There will be more; feel free to suggest and contribute!)
For usage, run:
# ./strace_analyser -h
Since this project is still at a preliminary stage, the structure can change quickly. Here is some basic information:
Stana is based mainly on two parts: the strace parser and the plugins.
The strace parser handles Linux strace output. Our target is a general parser that can handle the different formats strace produces (i.e. strace run with different options).
Currently it supports:
- with/without -t/-tt (with time)
- with/without -T (with time spent in syscall)
- with/without -f (with pid)
It doesn't support the "-ff" option (multiple files for multiple child processes) yet.
The parser parses the strace output file and passes the syscall results to the plugins (see below).
The plugins process the parsed output of strace. Each plugin can "register" the syscalls it is "interested" in; when the parser parses a line for such a syscall, it invokes the registered plugins to process it.
Every plugin should be a subclass of StatBase. Refer to StatBase.py for the methods you should implement, and to the other plugins for examples.
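The parser-to-plugin flow described above, as an added sketch that is not Stana's own code: `parse_line`, `ProcessTreePlugin`, `run`, the `interested` and `on_syscall` hook names and the sample trace are assumptions made for illustration (Stana's real interface is defined in StatBase.py). It accepts lines with or without the pid, timestamp and time-spent fields and skips unfinished/resumed lines.

```python
import re
from collections import defaultdict

# Constructed "strace -f -tt -T" lines (illustrative, not taken from test/stardict.out).
SAMPLE = """\
6498 10:00:00.000001 execve("/usr/bin/stardict", ["stardict"], [/* 40 vars */]) = 0 <0.000300>
6498 10:00:00.100000 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|SIGCHLD) = 6503 <0.000120>
6503 10:00:00.200000 execve("/bin/sh", ["sh", "-c", "man"], [/* 40 vars */]) = 0 <0.000250>
6503 10:00:00.300000 clone(child_stack=0, flags=SIGCHLD) = 6504 <0.000110>
6504 10:00:00.400000 execve("/usr/bin/man", ["man"], [/* 40 vars */]) = 0 <0.000200>
"""

# Optional pid (-f), optional timestamp (-t/-tt), call and result, optional <time spent> (-T).
LINE_RE = re.compile(
    r'^(?:\[pid\s+(?P<pid1>\d+)\]\s+|(?P<pid2>\d+)\s+)?'
    r'(?:(?P<time>\d\d:\d\d:\d\d(?:\.\d+)?)\s+)?'
    r'(?P<name>\w+)\((?P<args>.*)\)\s+=\s+(?P<ret>0x[0-9a-f]+|-?\d+|\?)'
    r'(?P<note>.*?)(?:\s*<(?P<spent>[\d.]+)>)?\s*$')

def parse_line(line):
    """Parse one complete syscall line; None for unfinished/resumed or signal lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pid = m["pid1"] or m["pid2"]
    return {"pid": int(pid) if pid else None, "time": m["time"], "name": m["name"],
            "args": m["args"], "ret": m["ret"], "spent": m["spent"] and float(m["spent"])}

class ProcessTreePlugin:
    interested = ("clone", "execve")           # syscalls this plugin registers for
    def __init__(self):
        self.children, self.image = defaultdict(list), {}
    def on_syscall(self, call):
        pid, ok = call["pid"], call["ret"].isdigit()   # "-1 ENOENT" or "?" means it failed
        if ok and call["name"] == "clone":
            child = int(call["ret"])
            self.children[pid].append(child)
            self.image.setdefault(child, self.image.get(pid))  # fork inherits the image
        elif ok:
            self.image[pid] = call["args"].split(",", 1)[0].strip('"')

def run(text, plugins):
    hooks = defaultdict(list)                  # syscall name -> interested plugins
    for plugin in plugins:
        for name in plugin.interested:
            hooks[name].append(plugin)
    for call in filter(None, map(parse_line, text.splitlines())):
        for plugin in hooks.get(call["name"], ()):
            plugin.on_syscall(call)
```

After `run(SAMPLE, [tree])`, `tree.children` maps each parent pid to its children and `tree.image` holds the last successfully executed binary per pid.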
If you are interested, feel free to send email to me: johnlcf_At_gmail_dot_com
Stana is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.