Technical Blog Post
Abstract
DTRACE: KILL() [WHO KILLED MY PROCESS?]
Body
This small probevue script will let you know who killed your process. Sometimes you might see that a process gets killed for no obvious reason and you have no idea who killed it. Of course here we're not talking about process dying because of a SEGV or SIGBUS, due to programming errors, but a genuine kill.
In the script below you can of course alter the SIGKILL in the '/ ... /' filter by another signal. The script has to be run as root like this:
# /usr/sbin/dtrace -w -q -o sigkill1.out -s sigkill1.dt
The output file, signal2.out here, might look like this:
[csh - 10030 - 1] sent SIGKILL to pid 14753
The script is:
/*
* sigkill1.dt: Find out who send a SIGKILL to a given target.
*
* Run as user 'root' using the following command line:
*
* /usr/sbin/dtrace -w -q -o sigkill1.out -s sigkill1.dt
*
*
* dalla
*/
proc:::signal-send
/ (args[2] == SIGKILL) /
{
printf("[%s - %d - %d] sent SIGKILL to pid %d\n",
execname, pid, tid, args[1]->pr_pid);
}
UID
ibm13286353