forked from bpftrace/bpftrace
-
Notifications
You must be signed in to change notification settings - Fork 0
/
syscount_example.txt
42 lines (35 loc) · 1.12 KB
/
syscount_example.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
Demonstrations of syscount, the Linux bpftrace/eBPF version.
syscount counts system calls, and prints summaries of the top ten syscall IDs,
and the top ten process names making syscalls. For example:
# syscount.bt
Attaching 3 probes...
Counting syscalls... Hit Ctrl-C to end.
^C
Top 10 syscalls IDs:
@syscall[6]: 36862
@syscall[21]: 42189
@syscall[13]: 44532
@syscall[12]: 58456
@syscall[9]: 82113
@syscall[8]: 95575
@syscall[5]: 147658
@syscall[3]: 163269
@syscall[2]: 270801
@syscall[4]: 326333
Top 10 processes:
@process[rm]: 14360
@process[tail]: 16011
@process[objtool]: 20767
@process[fixdep]: 28489
@process[as]: 48982
@process[gcc]: 90652
@process[command-not-fou]: 172874
@process[sh]: 270515
@process[cc1]: 482888
@process[make]: 1404065
The above output was traced during a Linux kernel build, and the process name
with the most syscalls was "make" with 1,404,065 syscalls while tracing. The
highest syscall ID was 4, which is stat().
There is another version of this tool in bcc: https://github.com/iovisor/bcc
The bcc version provides different command line options, and translates the
syscall IDs to their syscall names.