fluent-plugin-perf-tools 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (98) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +15 -0
  3. data/.rubocop.yml +26 -0
  4. data/.ruby-version +1 -0
  5. data/CHANGELOG.md +5 -0
  6. data/CODE_OF_CONDUCT.md +84 -0
  7. data/Gemfile +5 -0
  8. data/LICENSE.txt +21 -0
  9. data/README.md +43 -0
  10. data/Rakefile +17 -0
  11. data/bin/console +15 -0
  12. data/bin/setup +8 -0
  13. data/fluent-plugin-perf-tools.gemspec +48 -0
  14. data/lib/fluent/plugin/in_perf_tools.rb +42 -0
  15. data/lib/fluent/plugin/perf_tools/cachestat.rb +65 -0
  16. data/lib/fluent/plugin/perf_tools/command.rb +30 -0
  17. data/lib/fluent/plugin/perf_tools/version.rb +9 -0
  18. data/lib/fluent/plugin/perf_tools.rb +11 -0
  19. data/perf-tools/LICENSE +339 -0
  20. data/perf-tools/README.md +205 -0
  21. data/perf-tools/bin/bitesize +1 -0
  22. data/perf-tools/bin/cachestat +1 -0
  23. data/perf-tools/bin/execsnoop +1 -0
  24. data/perf-tools/bin/funccount +1 -0
  25. data/perf-tools/bin/funcgraph +1 -0
  26. data/perf-tools/bin/funcslower +1 -0
  27. data/perf-tools/bin/functrace +1 -0
  28. data/perf-tools/bin/iolatency +1 -0
  29. data/perf-tools/bin/iosnoop +1 -0
  30. data/perf-tools/bin/killsnoop +1 -0
  31. data/perf-tools/bin/kprobe +1 -0
  32. data/perf-tools/bin/opensnoop +1 -0
  33. data/perf-tools/bin/perf-stat-hist +1 -0
  34. data/perf-tools/bin/reset-ftrace +1 -0
  35. data/perf-tools/bin/syscount +1 -0
  36. data/perf-tools/bin/tcpretrans +1 -0
  37. data/perf-tools/bin/tpoint +1 -0
  38. data/perf-tools/bin/uprobe +1 -0
  39. data/perf-tools/deprecated/README.md +1 -0
  40. data/perf-tools/deprecated/execsnoop-proc +150 -0
  41. data/perf-tools/deprecated/execsnoop-proc.8 +80 -0
  42. data/perf-tools/deprecated/execsnoop-proc_example.txt +46 -0
  43. data/perf-tools/disk/bitesize +175 -0
  44. data/perf-tools/examples/bitesize_example.txt +63 -0
  45. data/perf-tools/examples/cachestat_example.txt +58 -0
  46. data/perf-tools/examples/execsnoop_example.txt +153 -0
  47. data/perf-tools/examples/funccount_example.txt +126 -0
  48. data/perf-tools/examples/funcgraph_example.txt +2178 -0
  49. data/perf-tools/examples/funcslower_example.txt +110 -0
  50. data/perf-tools/examples/functrace_example.txt +341 -0
  51. data/perf-tools/examples/iolatency_example.txt +350 -0
  52. data/perf-tools/examples/iosnoop_example.txt +302 -0
  53. data/perf-tools/examples/killsnoop_example.txt +62 -0
  54. data/perf-tools/examples/kprobe_example.txt +379 -0
  55. data/perf-tools/examples/opensnoop_example.txt +47 -0
  56. data/perf-tools/examples/perf-stat-hist_example.txt +149 -0
  57. data/perf-tools/examples/reset-ftrace_example.txt +88 -0
  58. data/perf-tools/examples/syscount_example.txt +297 -0
  59. data/perf-tools/examples/tcpretrans_example.txt +93 -0
  60. data/perf-tools/examples/tpoint_example.txt +210 -0
  61. data/perf-tools/examples/uprobe_example.txt +321 -0
  62. data/perf-tools/execsnoop +292 -0
  63. data/perf-tools/fs/cachestat +167 -0
  64. data/perf-tools/images/perf-tools_2016.png +0 -0
  65. data/perf-tools/iolatency +296 -0
  66. data/perf-tools/iosnoop +296 -0
  67. data/perf-tools/kernel/funccount +146 -0
  68. data/perf-tools/kernel/funcgraph +259 -0
  69. data/perf-tools/kernel/funcslower +248 -0
  70. data/perf-tools/kernel/functrace +192 -0
  71. data/perf-tools/kernel/kprobe +270 -0
  72. data/perf-tools/killsnoop +263 -0
  73. data/perf-tools/man/man8/bitesize.8 +70 -0
  74. data/perf-tools/man/man8/cachestat.8 +111 -0
  75. data/perf-tools/man/man8/execsnoop.8 +104 -0
  76. data/perf-tools/man/man8/funccount.8 +76 -0
  77. data/perf-tools/man/man8/funcgraph.8 +166 -0
  78. data/perf-tools/man/man8/funcslower.8 +129 -0
  79. data/perf-tools/man/man8/functrace.8 +123 -0
  80. data/perf-tools/man/man8/iolatency.8 +116 -0
  81. data/perf-tools/man/man8/iosnoop.8 +169 -0
  82. data/perf-tools/man/man8/killsnoop.8 +100 -0
  83. data/perf-tools/man/man8/kprobe.8 +162 -0
  84. data/perf-tools/man/man8/opensnoop.8 +113 -0
  85. data/perf-tools/man/man8/perf-stat-hist.8 +111 -0
  86. data/perf-tools/man/man8/reset-ftrace.8 +49 -0
  87. data/perf-tools/man/man8/syscount.8 +96 -0
  88. data/perf-tools/man/man8/tcpretrans.8 +93 -0
  89. data/perf-tools/man/man8/tpoint.8 +140 -0
  90. data/perf-tools/man/man8/uprobe.8 +168 -0
  91. data/perf-tools/misc/perf-stat-hist +223 -0
  92. data/perf-tools/net/tcpretrans +311 -0
  93. data/perf-tools/opensnoop +280 -0
  94. data/perf-tools/syscount +192 -0
  95. data/perf-tools/system/tpoint +232 -0
  96. data/perf-tools/tools/reset-ftrace +123 -0
  97. data/perf-tools/user/uprobe +390 -0
  98. metadata +349 -0
@@ -0,0 +1,100 @@
1
+ .TH killsnoop 8 "2014-09-15" "USER COMMANDS"
2
+ .SH NAME
3
+ killsnoop \- trace kill() syscalls with process and signal details. Uses Linux ftrace.
4
+ .SH SYNOPSIS
5
+ .B killsnoop
6
+ [\-hst] [\-d secs] [\-p pid] [\-n name]
7
+ .SH DESCRIPTION
8
+ This traces kill() syscalls, showing which process killed which pid and
9
+ returns the returncode (0 for success, -1 for error).
10
+
11
+ This implementation is designed to work on older kernel versions, and without
12
+ kernel debuginfo. It works by dynamic tracing of the return value of kill()
13
+ and associating it with the previous kill() syscall return.
14
+ This approach is kernel version specific, and may not work on your version.
15
+ It is a workaround, and proof of concept for ftrace, until more kernel tracing
16
+ functionality is available.
17
+
18
+ Since this uses ftrace, only the root user can use this tool.
19
+ .SH REQUIREMENTS
20
+ FTRACE and KPROBE CONFIG, syscalls:sys_enter_kill and
21
+ syscalls:sys_exit_kill kernel tracepoints (you may already have these
22
+ on recent kernels) and awk.
23
+ .SH OPTIONS
24
+ .TP
25
+ \-d secs
26
+ Set the duration of tracing, in seconds. Trace output will be buffered and
27
+ printed at the end. This also reduces overheads by buffering in-kernel,
28
+ instead of printing events as they occur.
29
+
30
+ The ftrace buffer has a fixed size per-CPU (see
31
+ /sys/kernel/debug/tracing/buffer_size_kb). If you think events are missing,
32
+ try increasing that size.
33
+ .TP
34
+ \-h
35
+ Print usage message.
36
+ .TP
37
+ \-n name
38
+ Only show processes matching this process name. Partial strings and regular
39
+ expressions are allowed. This is post-filtered using awk.
40
+ .TP
41
+ \-p PID
42
+ Only trace this process ID. This is filtered in-kernel.
43
+ .TP
44
+ \-s
45
+ Use human readable signal names, instead of signal numbers.
46
+ .TP
47
+ \-t
48
+ Include timestamps, in seconds.
49
+ .SH EXAMPLES
50
+ .TP
51
+ Trace all kill() syscalls with details:
52
+ #
53
+ .B killsnoop
54
+ .TP
55
+ Trace kill() syscalls with readable signal names, and times:
56
+ #
57
+ .B killsnoop -st
58
+ .TP
59
+ Track kill() syscalls for processes named "httpd":
60
+ #
61
+ .B killsnoop -n httpd
62
+ .SH FIELDS
63
+ .TP
64
+ TIMEs
65
+ Time of open() completion, in units of seconds.
66
+ .TP
67
+ COMM
68
+ Process name (if known) of the process that issued the signal.
69
+ .TP
70
+ PID
71
+ Process ID that issued the signal.
72
+ .TP
73
+ TPID
74
+ Target PID for the signal.
75
+ .TP
76
+ SIGNAL
77
+ Signal number sent to the target process, or name if -s is used.
78
+ .TP
79
+ RETURN
80
+ Return status: 0 for success, -1 for failure.
81
+ .SH OVERHEAD
82
+ This reads and kill() syscalls as they occur. For high rates of kills (> 500/s),
83
+ the overhead may begin to be measurable, however, the rate is unlikely to get
84
+ this high. And if it is: you should investigate why. Test yourself. You can
85
+ also use the \-d mode to buffer output, reducing overheads.
86
+ .SH SOURCE
87
+ This is from the perf-tools collection.
88
+ .IP
89
+ https://github.com/brendangregg/perf-tools
90
+ .PP
91
+ Also look under the examples directory for a text file containing example
92
+ usage, output, and commentary for this tool.
93
+ .SH OS
94
+ Linux
95
+ .SH STABILITY
96
+ Unstable - in development.
97
+ .SH AUTHOR
98
+ Martin Probst
99
+ .SH SEE ALSO
100
+ tpoint(8), execsnoop(8), opensnoop(8)
@@ -0,0 +1,162 @@
1
+ .TH kprobe 8 "2014-07-20" "USER COMMANDS"
2
+ .SH NAME
3
+ kprobe \- trace a given kprobe definition. Kernel dynamic tracing. Uses Linux ftrace.
4
+ .SH SYNOPSIS
5
+ .B kprobe
6
+ [\-FhHsv] [\-d secs] [\-p PID] [\-L TID] kprobe_definition [filter]
7
+ .SH DESCRIPTION
8
+ This will create, trace, then destroy a given kprobe definition. See
9
+ Documentation/trace/kprobetrace.txt in the Linux kernel source for the
10
+ syntax of a kprobe definition, and "kprobe -h" for examples. With this tool,
11
+ the probe alias is optional (it will become to kprobe:<funcname> if not
12
+ specified).
13
+
14
+ WARNING: This uses dynamic tracing of kernel functions, and could cause
15
+ kernel panics or freezes, depending on the function traced. Test in a lab
16
+ environment, and know what you are doing, before use.
17
+
18
+ Also beware of feedback loops: tracing tcp functions over an ssh session,
19
+ or writing ext4 functions to an ext4 file system. For the former, tcp
20
+ trace data could be redirected to a file (as in the usage message). For
21
+ the latter, trace to the screen or a different file system.
22
+
23
+ SEE ALSO: functrace(8), which can perform basic tracing (event only) of
24
+ multiple kernel functions using wildcards.
25
+
26
+ Since this uses ftrace, only the root user can use this tool.
27
+ .SH REQUIREMENTS
28
+ FTRACE and KPROBES CONFIG, which you may already have enabled and available on
29
+ recent kernels.
30
+ .SH OPTIONS
31
+ .TP
32
+ \-F
33
+ Force. Trace despite warnings. By default the specified kernel function must
34
+ exist in the available_filter_functions file. This option overrides this check.
35
+ This might expose you to more unsafe functions, which could cause kernel
36
+ panics or freezes when traced.
37
+ .TP
38
+ \-d seconds
39
+ Set the duration of tracing, in seconds. Trace output will be buffered and
40
+ printed at the end. This also reduces overheads by buffering in-kernel,
41
+ instead of printing events as they occur.
42
+
43
+ The ftrace buffer has a fixed size per-CPU (see
44
+ /sys/kernel/debug/tracing/buffer_size_kb). If you think events are missing,
45
+ try increasing that size.
46
+ .TP
47
+ \-h
48
+ Print usage message.
49
+ .TP
50
+ \-H
51
+ Print column headers.
52
+ .TP
53
+ \-s
54
+ Print kernel stack traces after each event.
55
+ .TP
56
+ \-v
57
+ Show the kprobe format file only (do not trace), identifying possible variables
58
+ for use in a custom filter.
59
+ .TP
60
+ \-p PID
61
+ Only trace kernel functions when this process ID is on-CPU.
62
+ .TP
63
+ \-L TID
64
+ Only trace kernel functions when this thread ID is on-CPU.
65
+ .TP
66
+ kprobe_definition
67
+ A full kprobe definition, as documented by Documentation/trace/kprobetrace.txt
68
+ in the Linux kernel source. Note that the probe alias name is optional with
69
+ kprobe(8), and if not specified, the tracepoint will become kprobe:<funcname>.
70
+ See the EXAMPLES section.
71
+ .TP
72
+ filter
73
+ An ftrace filter definition.
74
+ .SH EXAMPLES
75
+ These examples may need modification to match your kernel version's function
76
+ names and platform's register usage. If using platform specific registers
77
+ becomes too painful in practice, consider a kernel debuginfo-based tracer,
78
+ which can trace variables names instead. For example, perf_events.
79
+ .TP
80
+ Trace do_sys_open() entry:
81
+ #
82
+ .B kprobe p:do_sys_open
83
+ .TP
84
+ Trace do_sys_open() return:
85
+ #
86
+ .B kprobe r:do_sys_open
87
+ .TP
88
+ Trace do_sys_open() return value:
89
+ #
90
+ .B kprobe 'r:do_sys_open $retval'
91
+ .TP
92
+ Trace do_sys_open() return value, with a custom probe alias "myopen":
93
+ #
94
+ .B kprobe 'r:myopen do_sys_open $retval'
95
+ .TP
96
+ Trace do_sys_open() file mode:
97
+ #
98
+ .B kprobe 'p:myopen do_sys_open mode=%cx:u16'
99
+ .TP
100
+ Trace do_sys_open() file mode for PID 81:
101
+ #
102
+ .B kprobe -p 81 'p:myopen do_sys_open mode=%cx:u16'
103
+ .TP
104
+ Trace do_sys_open() with filename string:
105
+ #
106
+ .B kprobe 'p:myopen do_sys_open filename=+0(%si):string'
107
+ .TP
108
+ Trace do_sys_open() for filenames ending in "stat":
109
+ #
110
+ .B kprobe 'p:myopen do_sys_open fn=+0(%si):string' 'fn ~ """*stat"""'
111
+ .TP
112
+ Trace tcp_retransmit_skb() and show kernel stack traces, showing the path that led to it (can help explain why):
113
+ #
114
+ .B kprobe \-s 'p:myprobe tcp_retransmit_skb'
115
+ .SH FIELDS
116
+ The output format depends on the kernel version, and headings can be printed
117
+ using \-H. The format is the same as the ftrace function trace format, described
118
+ in the kernel source under Documentation/trace/ftrace.txt.
119
+
120
+ Typical fields are:
121
+ .TP
122
+ TASK-PID
123
+ The process name (which could include dashes), a dash, and the process ID.
124
+ .TP
125
+ CPU#
126
+ The CPU ID, in brackets.
127
+ .TP
128
+ ||||
129
+ Kernel state flags. For example, on Linux 3.16 these are for irqs-off,
130
+ need-resched, hardirq/softirq, and preempt-depth.
131
+ .TP
132
+ TIMESTAMP
133
+ Time of event, in seconds.
134
+ .TP
135
+ FUNCTION
136
+ Kernel function name.
137
+ .SH OVERHEAD
138
+ This can generate a lot of trace data quickly, depending on the
139
+ frequency of the traced events. Such data will cause performance overheads.
140
+ This also works without buffering by default, printing function events
141
+ as they happen (uses trace_pipe), context switching and consuming CPU to do
142
+ so. If needed, you can try the "\-d secs" option, which buffers events
143
+ instead, reducing overhead. If you think the buffer option is losing events,
144
+ try increasing the buffer size (buffer_size_kb).
145
+
146
+ It's a good idea to use funccount(8) first, which is lower overhead, to
147
+ help you select which functions you may want to trace using kprobe(8).
148
+ .SH SOURCE
149
+ This is from the perf-tools collection:
150
+ .IP
151
+ https://github.com/brendangregg/perf-tools
152
+ .PP
153
+ Also look under the examples directory for a text file containing example
154
+ usage, output, and commentary for this tool.
155
+ .SH OS
156
+ Linux
157
+ .SH STABILITY
158
+ Unstable - in development.
159
+ .SH AUTHOR
160
+ Brendan Gregg
161
+ .SH SEE ALSO
162
+ functrace(8), funccount(8)
@@ -0,0 +1,113 @@
1
+ .TH opensnoop 8 "2014-07-20" "USER COMMANDS"
2
+ .SH NAME
3
+ opensnoop \- trace open() syscalls with file details. Uses Linux ftrace.
4
+ .SH SYNOPSIS
5
+ .B opensnoop
6
+ [\-htx] [\-d secs] [\-p pid] [\-L tid] [\-n name] [filename]
7
+ .SH DESCRIPTION
8
+ This traces open() syscalls, showing the file name (pathname) and returned file
9
+ descriptor number (or \-1, for error).
10
+
11
+ This implementation is designed to work on older kernel versions, and without
12
+ kernel debuginfo. It works by dynamic tracing of the return value of getname()
13
+ as a string, and associating it with the following open() syscall return.
14
+ This approach is kernel version specific, and may not work on your version.
15
+ It is a workaround, and proof of concept for ftrace, until more kernel tracing
16
+ functionality is available.
17
+
18
+ Since this uses ftrace, only the root user can use this tool.
19
+ .SH REQUIREMENTS
20
+ FTRACE and KPROBE CONFIG, the syscalls:sys_exit_open tracepoint, and the
21
+ getname() kernel function. You may already have these enabled and available
22
+ on recent Linux kernels. And awk.
23
+ .SH OPTIONS
24
+ .TP
25
+ \-d secs
26
+ Set the duration of tracing, in seconds. Trace output will be buffered and
27
+ printed at the end. This also reduces overheads by buffering in-kernel,
28
+ instead of printing events as they occur.
29
+
30
+ The ftrace buffer has a fixed size per-CPU (see
31
+ /sys/kernel/debug/tracing/buffer_size_kb). If you think events are missing,
32
+ try increasing that size.
33
+ .TP
34
+ \-h
35
+ Print usage message.
36
+ .TP
37
+ \-n name
38
+ Only show processes matching this process name. Partial strings and regular
39
+ expressions are allowed. This is post-filtered using awk.
40
+ .TP
41
+ \-p PID
42
+ Only trace this process ID. This is filtered in-kernel.
43
+ .TP
44
+ \-L TID
45
+ Only trace this thread ID. This is filtered in-kernel.
46
+ .TP
47
+ \-t
48
+ Include timestamps, in seconds.
49
+ .TP
50
+ \-x
51
+ Only print failed open()s.
52
+ .TP
53
+ filename
54
+ Only show open()s which match this filename. Partial strings and regular
55
+ expressions are allowed. This is post-filtered using awk.
56
+ .SH EXAMPLES
57
+ .TP
58
+ Trace all open() syscalls with details:
59
+ #
60
+ .B opensnoop
61
+ .TP
62
+ Only trace open()s for PID 81:
63
+ #
64
+ .B opensnoop -p 81
65
+ .TP
66
+ Trace failed open() syscalls:
67
+ #
68
+ .B opensnoop -x
69
+ .TP
70
+ Trace open() syscalls for filenames containing "conf":
71
+ #
72
+ .B opensnoop conf
73
+ .TP
74
+ Trace open() syscalls for filenames ending in "log":
75
+ #
76
+ .B opensnoop 'log$'
77
+ .SH FIELDS
78
+ .TP
79
+ TIMEs
80
+ Time of open() completion, in units of seconds.
81
+ .TP
82
+ COMM
83
+ Process name (if known).
84
+ .TP
85
+ PID
86
+ Process ID.
87
+ .TP
88
+ FD
89
+ File descriptor. If this is a successful open, the file descriptor number is
90
+ shown. If this is unsuccessful, -1 is shown. Numbers beginning with 0x are
91
+ hexadecimal.
92
+ .TP
93
+ FILE
94
+ Filename (pathname) used by the open() syscall.
95
+ .SH OVERHEAD
96
+ This reads and open() syscalls and getname() kernel functions as they occur.
97
+ For high rates of opens (> 500/s), the overhead may begin to be measurable.
98
+ Test yourself. You can use the \-d mode to buffer output, reducing overheads.
99
+ .SH SOURCE
100
+ This is from the perf-tools collection.
101
+ .IP
102
+ https://github.com/brendangregg/perf-tools
103
+ .PP
104
+ Also look under the examples directory for a text file containing example
105
+ usage, output, and commentary for this tool.
106
+ .SH OS
107
+ Linux
108
+ .SH STABILITY
109
+ Unstable - in development.
110
+ .SH AUTHOR
111
+ Brendan Gregg
112
+ .SH SEE ALSO
113
+ execsnoop(8), strace(1)
@@ -0,0 +1,111 @@
1
+ .TH perf-stat-hist 8 "2014-07-07" "USER COMMANDS"
2
+ .SH NAME
3
+ perf-stat-hist \- histogram summary of tracepoint values. Uses Linux perf_events.
4
+ .SH SYNOPSIS
5
+ .B perf-stat-hist
6
+ [-h] [-b buckets|-P power] [-m max] tracepoint variable [seconds]
7
+ .SH DESCRIPTION
8
+ This is a proof-of-concept showing in-kernel histograms using Linux perf_events
9
+ (aka the "perf" command), on older kernels where perf_events does not have
10
+ this native capability.
11
+
12
+ These histograms show the distribution of variable, allowing details
13
+ including multiple modes and outliers to be studied.
14
+
15
+ This uses multiple counting tracepoints with different filters, one for each
16
+ histogram bucket. While this is summarized in-kernel, the use of multiple
17
+ tracepoints does add addiitonal overhead. Hopefully, in the
18
+ future this this functionality will be provided in an efficient way from
19
+ perf_events itself, at which point this tool can be deleted or rewritten.
20
+ .SH REQUIREMENTS
21
+ Linux perf_events: add linux-tools-common, run "perf", then add any additional
22
+ packages it requests. Also uses awk.
23
+ .SH OPTIONS
24
+ .TP
25
+ \-h
26
+ Usage message.
27
+ .TP
28
+ \-b buckets
29
+ Specify a list of bucket points for the histogram as a string (eg, "10 500
30
+ 1000"). The histogram will include buckets for less-than the minimum, and
31
+ greater-than-or-equal-to the maximum. If a single value is specified, two
32
+ statistics only are gathered: for less-than and for greater-than-or-equal-to.
33
+ The overhead is relative to the number of buckets, so only specifying a
34
+ single value costs the lowest overhead.
35
+ .TP
36
+ \-P power
37
+ Power for power-of histogram. By default, a power-of-4 histogram is created.
38
+ This and the \-b option are exclusive.
39
+ .TP
40
+ \-m max
41
+ Max value for power-of histograms.
42
+ .TP
43
+ tracepoint
44
+ Tracepoint specification. Eg, syscalls:sys_enter_read.
45
+ .TP
46
+ variable
47
+ The tracepoint variable name to summarize. To see what are available, cat the
48
+ format file under /sys/kernel/debug/tracing/events/*/*/format.
49
+ .TP
50
+ seconds
51
+ Number of seconds to trace. If not specified, this runs until Ctrl-C.
52
+ .SH EXAMPLES
53
+ .TP
54
+ Trace read() syscalls until Ctrl-C, and show histogram of requested size:
55
+ #
56
+ .B perf\-stat\-hist syscalls:sys_enter_read count
57
+ .TP
58
+ Trace read() syscall completions until Ctrl-C, and show histogram of successful returned size:
59
+ #
60
+ .B perf\-stat\-hist syscalls:sys_exit_read ret
61
+ .TP
62
+ Trace read() return sizes for 10 seconds, showing histogram:
63
+ #
64
+ .B perf\-stat\-hist syscalls:sys_exit_read ret 10
65
+ .TP
66
+ Trace network transmits until Ctrl-C, and show histogram of packet size:
67
+ #
68
+ .B perf\-stat\-hist net:net_dev_xmit len
69
+ .TP
70
+ Trace read() return sizes, using a power-of-10 histogram:
71
+ .B perf\-stat\-hist \-P 10 syscalls:sys_exit_read ret
72
+ .TP
73
+ Trace read() return sizes, using a power-of-2 histogram, and a max of 1024:
74
+ .B perf\-stat\-hist \-P 2 \-m 1024 syscalls:sys_exit_read ret
75
+ .TP
76
+ Trace read() return sizes, using the specified bucket points:
77
+ .B perf\-stat\-hist \-b """10 50 100 5000""" syscalls:sys_exit_read ret
78
+ .TP
79
+ Trace read() return sizes, and bifurcate statistics by the value 10:
80
+ .B perf-stat-hist \-b 10 syscalls:sys_exit_read ret
81
+ .SH FIELDS
82
+ .TP
83
+ Range
84
+ Range of the histogram bucket, in units of the variable specified.
85
+ .TP
86
+ Count
87
+ Number of occurrences (tracepoint events) of the variable in this range.
88
+ .TP
89
+ Distribution
90
+ ASCII histogram representation of the Count column.
91
+ .SH OVERHEAD
92
+ While the counts are performed in-kernel, there is one tracepoint used per
93
+ histogram bucket, so the overheads are higher than usual (relative to the
94
+ number of buckets) than function counting using perf stat. The lowest
95
+ overhead is when \-b is used to specify one bucket only, bifurcating
96
+ statistics.
97
+ .SH SOURCE
98
+ This is from the perf-tools collection.
99
+ .IP
100
+ https://github.com/brendangregg/perf-tools
101
+ .PP
102
+ Also look under the examples directory for a text file containing example
103
+ usage, output, and commentary for this tool.
104
+ .SH OS
105
+ Linux
106
+ .SH STABILITY
107
+ Unstable - in development.
108
+ .SH AUTHOR
109
+ Brendan Gregg
110
+ .SH SEE ALSO
111
+ perf(1)
@@ -0,0 +1,49 @@
1
+ .TH reset-ftrace 8 "2014-07-07" "USER COMMANDS"
2
+ .SH NAME
3
+ reset-ftrace \- reset state of ftrace, disabling all tracing. Written for Linux ftrace.
4
+ .SH SYNOPSIS
5
+ .B reset-ftrace
6
+ [\-fhq]
7
+ .SH DESCRIPTION
8
+ This resets the state of various ftrace files, and shows the before and after
9
+ state.
10
+
11
+ This may only be of use to ftrace hackers who, in the process of developing
12
+ ftrace software, often get the subsystem into a partially active state, and
13
+ would like a quick way to reset state. Check the end of this script for the
14
+ actually files reset, and add more if you need.
15
+
16
+ WARNING: Only use this if and when you are sure that there are no other active
17
+ ftrace sessions on your system, as otherwise it will kill them.
18
+ .SH REQUIREMENTS
19
+ FTRACE CONFIG.
20
+ .SH OPTIONS
21
+ .TP
22
+ \-f
23
+ Force. If the ftrace lock file exists (/var/tmp/.ftrace-lock), delete it.
24
+ .TP
25
+ \-h
26
+ Print usage message.
27
+ .TP
28
+ \-q
29
+ Quiet. Run, but don't print any output.
30
+ .SH EXAMPLES
31
+ .TP
32
+ Reset various ftrace files:
33
+ #
34
+ .B reset-ftrace
35
+ .SH SOURCE
36
+ This is from the perf-tools collection.
37
+ .IP
38
+ https://github.com/brendangregg/perf-tools
39
+ .PP
40
+ Also look under the examples directory for a text file containing example
41
+ usage, output, and commentary for this tool.
42
+ .SH OS
43
+ Linux
44
+ .SH STABILITY
45
+ Unstable - in development.
46
+ .SH AUTHOR
47
+ Brendan Gregg
48
+ .SH SEE ALSO
49
+ perf(1)
@@ -0,0 +1,96 @@
1
+ .TH syscount 8 "2014-07-07" "USER COMMANDS"
2
+ .SH NAME
3
+ syscount \- count system calls. Uses Linux perf_events.
4
+ .SH SYNOPSIS
5
+ .B syscount
6
+ [\-chv] [\-t top] {\-p PID|\-d seconds|command}
7
+ .SH DESCRIPTION
8
+ This is a proof-of-concept using perf_events capabilities for older kernel
9
+ versions, that lack custom in-kernel aggregations. Once they exist, this
10
+ script can be substantially rewritten and improved (lower overhead).
11
+ .SH REQUIREMENTS
12
+ Linux perf_events: add linux-tools-common, run "perf", then
13
+ add any additional packages it requests. Also needs awk.
14
+ .SH OPTIONS
15
+ .TP
16
+ \-c
17
+ Show counts by syscall name. This mode (without -v) uses in-kernel counts, which
18
+ have lower overhead than the default mode.
19
+ .TP
20
+ \-h
21
+ Usage message.
22
+ .TP
23
+ \-v
24
+ Verbose: include PID.
25
+ .TP
26
+ \-p PID
27
+ Trace this process ID only.
28
+ .TP
29
+ \-d seconds
30
+ Duration of trace in seconds.
31
+ .TP
32
+ command
33
+ Run and trace this command.
34
+ .SH EXAMPLES
35
+ .TP
36
+ Trace and summarize syscalls by process name:
37
+ #
38
+ .B syscount
39
+ .TP
40
+ Trace and summarize syscalls by syscall name (lower overhead):
41
+ #
42
+ .B syscount \-c
43
+ .TP
44
+ Trace for 5 seconds, showing by process name:
45
+ #
46
+ .B syscount \-d 5
47
+ .TP
48
+ Trace PID 932 only, and show by syscall name (lower overhead):
49
+ #
50
+ .B syscount \-cp 923
51
+ .TP
52
+ Execute the """ls""" command, and show by syscall name:
53
+ #
54
+ .B syscount -c ls
55
+ .SH FIELDS
56
+ .TP
57
+ PID
58
+ Process ID.
59
+ .TP
60
+ COMM
61
+ Process command name.
62
+ .TP
63
+ SYSCALL
64
+ Syscall name.
65
+ .TP
66
+ COUNT
67
+ Number of syscalls during tracing.
68
+ .SH OVERHEAD
69
+ Modes that report syscall names only (\-c, \-cp PID, \-cd secs) have
70
+ lower overhead, since they use in-kernel counts. Other modes which report
71
+ process IDs (\-cv) or process names (default) create a perf.data file for
72
+ post processing, and you will see messages about it doing this. Beware of
73
+ the file size (test for short durations, or use \-c to see counts based on
74
+ in-kernel counters), and gauge overheads based on the perf.data size.
75
+
76
+ Note that this script delibrately does not pipe perf record into
77
+ perf script, which would avoid perf.data, because it can create a feedback
78
+ loop where the perf script syscalls are recorded. Hopefully there will be a
79
+ fix for this in a later perf version, so perf.data can be skipped, or other
80
+ kernel features to aggregate by process name in-kernel directly (eg, via
81
+ eBPF, ktap, or SystemTap).
82
+ .SH SOURCE
83
+ This is from the perf-tools collection.
84
+ .IP
85
+ https://github.com/brendangregg/perf-tools
86
+ .PP
87
+ Also look under the examples directory for a text file containing example
88
+ usage, output, and commentary for this tool.
89
+ .SH OS
90
+ Linux
91
+ .SH STABILITY
92
+ Unstable - in development.
93
+ .SH AUTHOR
94
+ Brendan Gregg
95
+ .SH SEE ALSO
96
+ iosnoop(8), iolatency(8), iostat(1)