Way to find source of a kill -9 in Solaris

Hello Guys,

Someone, or some tool, has killed the application process with signal 9 (kill -9). How can I track that in Solaris?

On AIX we can use a lightweight tool called ProbeVue to track it, but I'm not sure how to do it on Solaris. Appreciate your help.

Kelly

Try dtrace(1M).

See this:

https://wikis.oracle.com/display/DTrace/proc+Provider

Probably something like this:

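/* The proc provider's probe is named signal-send (hyphen, not underscore). */
proc:::signal-send
/ args[1]->pr_fname == "YourAppBinaryNameHere" /
{
    /* execname, pid and uid describe the sender; args[2] is the signal number */
    printf("%s PID %d from %d is sending signal %d to app\n",
        execname, pid, uid, args[2]);
}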
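
A fuller version of the probe above, as an added example that is not part of the original posts: it fires only for signal 9 and records a wall-clock time plus the sender's parent PID and command line, which helps when the sender is a short-lived `kill` or a script. The script name `whokill.d` and the target name `myapp` are hypothetical, and it has to be running as root before the kill happens.

```dtrace
#!/usr/sbin/dtrace -qs

/*
 * Constructed example. Usage (as root): ./whokill.d myapp
 * $$1 is the executable name of the process being protected,
 * compared against pr_fname of the signal's target.
 */

proc:::signal-send
/args[2] == 9 && args[1]->pr_fname == $$1/
{
    /* args[1] is the psinfo_t of the process receiving the signal */
    printf("%Y  SIGKILL -> %s (pid %d)\n",
        walltimestamp, args[1]->pr_fname, args[1]->pr_pid);

    /* Built-in variables describe the sending process */
    printf("    sender:  %s pid=%d ppid=%d uid=%d\n",
        execname, pid, ppid, uid);

    /* Full command line of the sender, e.g. "kill -9 1234" */
    printf("    command: %s\n", curpsinfo->pr_psargs);
}
```

The parent PID matters because the sender has often exited by the time anyone looks; the ppid usually points at the shell, cron job or monitoring agent that launched it.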

This signal would have to have come from either:

  • A superuser account
  • The account owning/running the process
  • The process itself
  • A user account that can get elevated privileges (e.g. with sudo or running SUID code)

Does that narrow your targets down?

If it's a historical thing, then you can't find it, unless the process dumped memory and it's buried in there, but even so you might have trouble identifying who actually did it.

For sudo usage, these are normally logged by the syslog daemon, so if you know the event time, perhaps you can work through that too.