Question:

How to dump data (byte-stream) written from an application to the filesystem? (Something like tcpdump but for IO/file.)

Ideally it should be able to "attach" and dump the stream while it is being written, without specific configuration of the application.

Context:

I have a Java application that is deployed on some servers. This app is using JCL+Log4j to log all sort of tech stuff.

On a few of them I'm experiencing a rather ... uncommon problem: frequently, log files are polluted by binary data.

Same app, same config, same hardware, same OS ... different behaviour.

My logs are all here: if I process the log file with "strings" everything is back to normal, but as I have, let's say, 90% of binary rubbish, preprocessing the files takes a huge amount of time.

Goal:

Being able to figure out if the problem is inside the Java app/JVM or in the OS/hardware.

Cerber

1 Answer

Use strace, like:

    strace -p PID -e write -s 1024

It will dump the process's write system calls, with a maximum string size of 1024.

Stone
  • Nice, I didn't know about that! I see in the man that write accepts a list of file descriptors to monitor. How would you get the list of opened file descriptors? – Cerber Feb 05 '13 at 14:59
  • Got it : `less /proc/17641/fd` – Cerber Feb 05 '13 at 15:05
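
Added example, not part of the posts above: a shell sketch that combines the two steps from this thread. It looks up which descriptors of the process point at the log file under `/proc/PID/fd`, then has strace record a hex+ASCII dump of every write to them, so the bytes can be inspected exactly as the process hands them to the kernel. The function names `fds_for_path` and `dump_writes` and the default output file `write-dump.txt` are hypothetical; Linux with `/proc` and strace is assumed.

```shell
#!/bin/sh
# Added example (not from the original posts). Linux only: needs /proc and strace.

# fds_for_path PID FILE: print, comma-separated, the descriptors of PID
# whose /proc/PID/fd symlink points at FILE. Returns 1 if there are none.
fds_for_path() {
    pid=$1
    target=$(readlink -f "$2") || return 1   # canonical path, as the kernel reports it
    list=
    for link in /proc/"$pid"/fd/*; do
        [ -L "$link" ] || continue           # unmatched glob or vanished descriptor
        if [ "$(readlink "$link")" = "$target" ]; then
            list="${list:+$list,}${link##*/}"
        fi
    done
    [ -n "$list" ] && printf '%s\n' "$list"
}

# dump_writes PID FILE [OUT]: attach to PID and all of its threads (-f, which
# matters for a JVM) and log write() calls; -e write=FDS adds a full hex+ASCII
# dump of the data written to FILE's descriptors. Output goes to OUT.
dump_writes() {
    fds=$(fds_for_path "$1" "$2") || {
        echo "PID $1 has no descriptor open on $2" >&2
        return 1
    }
    strace -f -p "$1" -e trace=write -e write="$fds" -o "${3:-write-dump.txt}"
}

# Run only when called with arguments: ./dump-writes.sh PID /path/to/app.log
if [ "$#" -ge 2 ]; then
    dump_writes "$@"
fi
```

If the binary data already appears in the dumped `write()` buffers, it was produced inside the application or JVM; if the buffers are clean text, the corruption happens below the system call.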