fluent-plugin-perf-tools 0.1.0
- checksums.yaml +7 -0
- data/.gitignore +15 -0
- data/.rubocop.yml +26 -0
- data/.ruby-version +1 -0
- data/CHANGELOG.md +5 -0
- data/CODE_OF_CONDUCT.md +84 -0
- data/Gemfile +5 -0
- data/LICENSE.txt +21 -0
- data/README.md +43 -0
- data/Rakefile +17 -0
- data/bin/console +15 -0
- data/bin/setup +8 -0
- data/fluent-plugin-perf-tools.gemspec +48 -0
- data/lib/fluent/plugin/in_perf_tools.rb +42 -0
- data/lib/fluent/plugin/perf_tools/cachestat.rb +65 -0
- data/lib/fluent/plugin/perf_tools/command.rb +30 -0
- data/lib/fluent/plugin/perf_tools/version.rb +9 -0
- data/lib/fluent/plugin/perf_tools.rb +11 -0
- data/perf-tools/LICENSE +339 -0
- data/perf-tools/README.md +205 -0
- data/perf-tools/bin/bitesize +1 -0
- data/perf-tools/bin/cachestat +1 -0
- data/perf-tools/bin/execsnoop +1 -0
- data/perf-tools/bin/funccount +1 -0
- data/perf-tools/bin/funcgraph +1 -0
- data/perf-tools/bin/funcslower +1 -0
- data/perf-tools/bin/functrace +1 -0
- data/perf-tools/bin/iolatency +1 -0
- data/perf-tools/bin/iosnoop +1 -0
- data/perf-tools/bin/killsnoop +1 -0
- data/perf-tools/bin/kprobe +1 -0
- data/perf-tools/bin/opensnoop +1 -0
- data/perf-tools/bin/perf-stat-hist +1 -0
- data/perf-tools/bin/reset-ftrace +1 -0
- data/perf-tools/bin/syscount +1 -0
- data/perf-tools/bin/tcpretrans +1 -0
- data/perf-tools/bin/tpoint +1 -0
- data/perf-tools/bin/uprobe +1 -0
- data/perf-tools/deprecated/README.md +1 -0
- data/perf-tools/deprecated/execsnoop-proc +150 -0
- data/perf-tools/deprecated/execsnoop-proc.8 +80 -0
- data/perf-tools/deprecated/execsnoop-proc_example.txt +46 -0
- data/perf-tools/disk/bitesize +175 -0
- data/perf-tools/examples/bitesize_example.txt +63 -0
- data/perf-tools/examples/cachestat_example.txt +58 -0
- data/perf-tools/examples/execsnoop_example.txt +153 -0
- data/perf-tools/examples/funccount_example.txt +126 -0
- data/perf-tools/examples/funcgraph_example.txt +2178 -0
- data/perf-tools/examples/funcslower_example.txt +110 -0
- data/perf-tools/examples/functrace_example.txt +341 -0
- data/perf-tools/examples/iolatency_example.txt +350 -0
- data/perf-tools/examples/iosnoop_example.txt +302 -0
- data/perf-tools/examples/killsnoop_example.txt +62 -0
- data/perf-tools/examples/kprobe_example.txt +379 -0
- data/perf-tools/examples/opensnoop_example.txt +47 -0
- data/perf-tools/examples/perf-stat-hist_example.txt +149 -0
- data/perf-tools/examples/reset-ftrace_example.txt +88 -0
- data/perf-tools/examples/syscount_example.txt +297 -0
- data/perf-tools/examples/tcpretrans_example.txt +93 -0
- data/perf-tools/examples/tpoint_example.txt +210 -0
- data/perf-tools/examples/uprobe_example.txt +321 -0
- data/perf-tools/execsnoop +292 -0
- data/perf-tools/fs/cachestat +167 -0
- data/perf-tools/images/perf-tools_2016.png +0 -0
- data/perf-tools/iolatency +296 -0
- data/perf-tools/iosnoop +296 -0
- data/perf-tools/kernel/funccount +146 -0
- data/perf-tools/kernel/funcgraph +259 -0
- data/perf-tools/kernel/funcslower +248 -0
- data/perf-tools/kernel/functrace +192 -0
- data/perf-tools/kernel/kprobe +270 -0
- data/perf-tools/killsnoop +263 -0
- data/perf-tools/man/man8/bitesize.8 +70 -0
- data/perf-tools/man/man8/cachestat.8 +111 -0
- data/perf-tools/man/man8/execsnoop.8 +104 -0
- data/perf-tools/man/man8/funccount.8 +76 -0
- data/perf-tools/man/man8/funcgraph.8 +166 -0
- data/perf-tools/man/man8/funcslower.8 +129 -0
- data/perf-tools/man/man8/functrace.8 +123 -0
- data/perf-tools/man/man8/iolatency.8 +116 -0
- data/perf-tools/man/man8/iosnoop.8 +169 -0
- data/perf-tools/man/man8/killsnoop.8 +100 -0
- data/perf-tools/man/man8/kprobe.8 +162 -0
- data/perf-tools/man/man8/opensnoop.8 +113 -0
- data/perf-tools/man/man8/perf-stat-hist.8 +111 -0
- data/perf-tools/man/man8/reset-ftrace.8 +49 -0
- data/perf-tools/man/man8/syscount.8 +96 -0
- data/perf-tools/man/man8/tcpretrans.8 +93 -0
- data/perf-tools/man/man8/tpoint.8 +140 -0
- data/perf-tools/man/man8/uprobe.8 +168 -0
- data/perf-tools/misc/perf-stat-hist +223 -0
- data/perf-tools/net/tcpretrans +311 -0
- data/perf-tools/opensnoop +280 -0
- data/perf-tools/syscount +192 -0
- data/perf-tools/system/tpoint +232 -0
- data/perf-tools/tools/reset-ftrace +123 -0
- data/perf-tools/user/uprobe +390 -0
- metadata +349 -0
@@ -0,0 +1,100 @@
|
|
1
|
+
.TH killsnoop 8 "2014-09-15" "USER COMMANDS"
|
2
|
+
.SH NAME
|
3
|
+
killsnoop \- trace kill() syscalls with process and signal details. Uses Linux ftrace.
|
4
|
+
.SH SYNOPSIS
|
5
|
+
.B killsnoop
|
6
|
+
[\-hst] [\-d secs] [\-p pid] [\-n name]
|
7
|
+
.SH DESCRIPTION
|
8
|
+
This traces kill() syscalls, showing which process killed which pid and
|
9
|
+
returns the returncode (0 for success, -1 for error).
|
10
|
+
|
11
|
+
This implementation is designed to work on older kernel versions, and without
|
12
|
+
kernel debuginfo. It works by dynamic tracing of the return value of kill()
|
13
|
+
and associating it with the previous kill() syscall return.
|
14
|
+
This approach is kernel version specific, and may not work on your version.
|
15
|
+
It is a workaround, and proof of concept for ftrace, until more kernel tracing
|
16
|
+
functionality is available.
|
17
|
+
|
18
|
+
Since this uses ftrace, only the root user can use this tool.
|
19
|
+
.SH REQUIREMENTS
|
20
|
+
FTRACE and KPROBE CONFIG, syscalls:sys_enter_kill and
|
21
|
+
syscalls:sys_exit_kill kernel tracepoints (you may already have these
|
22
|
+
on recent kernels) and awk.
|
23
|
+
.SH OPTIONS
|
24
|
+
.TP
|
25
|
+
\-d secs
|
26
|
+
Set the duration of tracing, in seconds. Trace output will be buffered and
|
27
|
+
printed at the end. This also reduces overheads by buffering in-kernel,
|
28
|
+
instead of printing events as they occur.
|
29
|
+
|
30
|
+
The ftrace buffer has a fixed size per-CPU (see
|
31
|
+
/sys/kernel/debug/tracing/buffer_size_kb). If you think events are missing,
|
32
|
+
try increasing that size.
|
33
|
+
.TP
|
34
|
+
\-h
|
35
|
+
Print usage message.
|
36
|
+
.TP
|
37
|
+
\-n name
|
38
|
+
Only show processes matching this process name. Partial strings and regular
|
39
|
+
expressions are allowed. This is post-filtered using awk.
|
40
|
+
.TP
|
41
|
+
\-p PID
|
42
|
+
Only trace this process ID. This is filtered in-kernel.
|
43
|
+
.TP
|
44
|
+
\-s
|
45
|
+
Use human readable signal names, instead of signal numbers.
|
46
|
+
.TP
|
47
|
+
\-t
|
48
|
+
Include timestamps, in seconds.
|
49
|
+
.SH EXAMPLES
|
50
|
+
.TP
|
51
|
+
Trace all kill() syscalls with details:
|
52
|
+
#
|
53
|
+
.B killsnoop
|
54
|
+
.TP
|
55
|
+
Trace kill() syscalls with readable signal names, and times:
|
56
|
+
#
|
57
|
+
.B killsnoop -st
|
58
|
+
.TP
|
59
|
+
Track kill() syscalls for processes named "httpd":
|
60
|
+
#
|
61
|
+
.B killsnoop -n httpd
|
62
|
+
.SH FIELDS
|
63
|
+
.TP
|
64
|
+
TIMEs
|
65
|
+
Time of open() completion, in units of seconds.
|
66
|
+
.TP
|
67
|
+
COMM
|
68
|
+
Process name (if known) of the process that issued the signal.
|
69
|
+
.TP
|
70
|
+
PID
|
71
|
+
Process ID that issued the signal.
|
72
|
+
.TP
|
73
|
+
TPID
|
74
|
+
Target PID for the signal.
|
75
|
+
.TP
|
76
|
+
SIGNAL
|
77
|
+
Signal number sent to the target process, or name if -s is used.
|
78
|
+
.TP
|
79
|
+
RETURN
|
80
|
+
Return status: 0 for success, -1 for failure.
|
81
|
+
.SH OVERHEAD
|
82
|
+
This reads and kill() syscalls as they occur. For high rates of kills (> 500/s),
|
83
|
+
the overhead may begin to be measurable, however, the rate is unlikely to get
|
84
|
+
this high. And if it is: you should investigate why. Test yourself. You can
|
85
|
+
also use the \-d mode to buffer output, reducing overheads.
|
86
|
+
.SH SOURCE
|
87
|
+
This is from the perf-tools collection.
|
88
|
+
.IP
|
89
|
+
https://github.com/brendangregg/perf-tools
|
90
|
+
.PP
|
91
|
+
Also look under the examples directory for a text file containing example
|
92
|
+
usage, output, and commentary for this tool.
|
93
|
+
.SH OS
|
94
|
+
Linux
|
95
|
+
.SH STABILITY
|
96
|
+
Unstable - in development.
|
97
|
+
.SH AUTHOR
|
98
|
+
Martin Probst
|
99
|
+
.SH SEE ALSO
|
100
|
+
tpoint(8), execsnoop(8), opensnoop(8)
|
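Review bot: In FIELDS, the TIMEs entry reads "Time of open() completion", which looks carried over from opensnoop(8); for this page it should describe the kill() syscall. In OVERHEAD, "This reads and kill() syscalls as they occur" is missing a word. DESCRIPTION says the return value is associated with "the previous kill() syscall return", yet REQUIREMENTS lists both sys_enter_kill and sys_exit_kill, so the entry event is probably what is meant. SYNOPSIS also writes "\-p pid" while OPTIONS writes "\-p PID"; pick one form.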
@@ -0,0 +1,162 @@
|
|
1
|
+
.TH kprobe 8 "2014-07-20" "USER COMMANDS"
|
2
|
+
.SH NAME
|
3
|
+
kprobe \- trace a given kprobe definition. Kernel dynamic tracing. Uses Linux ftrace.
|
4
|
+
.SH SYNOPSIS
|
5
|
+
.B kprobe
|
6
|
+
[\-FhHsv] [\-d secs] [\-p PID] [\-L TID] kprobe_definition [filter]
|
7
|
+
.SH DESCRIPTION
|
8
|
+
This will create, trace, then destroy a given kprobe definition. See
|
9
|
+
Documentation/trace/kprobetrace.txt in the Linux kernel source for the
|
10
|
+
syntax of a kprobe definition, and "kprobe -h" for examples. With this tool,
|
11
|
+
the probe alias is optional (it will become to kprobe:<funcname> if not
|
12
|
+
specified).
|
13
|
+
|
14
|
+
WARNING: This uses dynamic tracing of kernel functions, and could cause
|
15
|
+
kernel panics or freezes, depending on the function traced. Test in a lab
|
16
|
+
environment, and know what you are doing, before use.
|
17
|
+
|
18
|
+
Also beware of feedback loops: tracing tcp functions over an ssh session,
|
19
|
+
or writing ext4 functions to an ext4 file system. For the former, tcp
|
20
|
+
trace data could be redirected to a file (as in the usage message). For
|
21
|
+
the latter, trace to the screen or a different file system.
|
22
|
+
|
23
|
+
SEE ALSO: functrace(8), which can perform basic tracing (event only) of
|
24
|
+
multiple kernel functions using wildcards.
|
25
|
+
|
26
|
+
Since this uses ftrace, only the root user can use this tool.
|
27
|
+
.SH REQUIREMENTS
|
28
|
+
FTRACE and KPROBES CONFIG, which you may already have enabled and available on
|
29
|
+
recent kernels.
|
30
|
+
.SH OPTIONS
|
31
|
+
.TP
|
32
|
+
\-F
|
33
|
+
Force. Trace despite warnings. By default the specified kernel function must
|
34
|
+
exist in the available_filter_functions file. This option overrides this check.
|
35
|
+
This might expose you to more unsafe functions, which could cause kernel
|
36
|
+
panics or freezes when traced.
|
37
|
+
.TP
|
38
|
+
\-d seconds
|
39
|
+
Set the duration of tracing, in seconds. Trace output will be buffered and
|
40
|
+
printed at the end. This also reduces overheads by buffering in-kernel,
|
41
|
+
instead of printing events as they occur.
|
42
|
+
|
43
|
+
The ftrace buffer has a fixed size per-CPU (see
|
44
|
+
/sys/kernel/debug/tracing/buffer_size_kb). If you think events are missing,
|
45
|
+
try increasing that size.
|
46
|
+
.TP
|
47
|
+
\-h
|
48
|
+
Print usage message.
|
49
|
+
.TP
|
50
|
+
\-H
|
51
|
+
Print column headers.
|
52
|
+
.TP
|
53
|
+
\-s
|
54
|
+
Print kernel stack traces after each event.
|
55
|
+
.TP
|
56
|
+
\-v
|
57
|
+
Show the kprobe format file only (do not trace), identifying possible variables
|
58
|
+
for use in a custom filter.
|
59
|
+
.TP
|
60
|
+
\-p PID
|
61
|
+
Only trace kernel functions when this process ID is on-CPU.
|
62
|
+
.TP
|
63
|
+
\-L TID
|
64
|
+
Only trace kernel functions when this thread ID is on-CPU.
|
65
|
+
.TP
|
66
|
+
kprobe_definition
|
67
|
+
A full kprobe definition, as documented by Documentation/trace/kprobetrace.txt
|
68
|
+
in the Linux kernel source. Note that the probe alias name is optional with
|
69
|
+
kprobe(8), and if not specified, the tracepoint will become kprobe:<funcname>.
|
70
|
+
See the EXAMPLES section.
|
71
|
+
.TP
|
72
|
+
filter
|
73
|
+
An ftrace filter definition.
|
74
|
+
.SH EXAMPLES
|
75
|
+
These examples may need modification to match your kernel version's function
|
76
|
+
names and platform's register usage. If using platform specific registers
|
77
|
+
becomes too painful in practice, consider a kernel debuginfo-based tracer,
|
78
|
+
which can trace variables names instead. For example, perf_events.
|
79
|
+
.TP
|
80
|
+
Trace do_sys_open() entry:
|
81
|
+
#
|
82
|
+
.B kprobe p:do_sys_open
|
83
|
+
.TP
|
84
|
+
Trace do_sys_open() return:
|
85
|
+
#
|
86
|
+
.B kprobe r:do_sys_open
|
87
|
+
.TP
|
88
|
+
Trace do_sys_open() return value:
|
89
|
+
#
|
90
|
+
.B kprobe 'r:do_sys_open $retval'
|
91
|
+
.TP
|
92
|
+
Trace do_sys_open() return value, with a custom probe alias "myopen":
|
93
|
+
#
|
94
|
+
.B kprobe 'r:myopen do_sys_open $retval'
|
95
|
+
.TP
|
96
|
+
Trace do_sys_open() file mode:
|
97
|
+
#
|
98
|
+
.B kprobe 'p:myopen do_sys_open mode=%cx:u16'
|
99
|
+
.TP
|
100
|
+
Trace do_sys_open() file mode for PID 81:
|
101
|
+
#
|
102
|
+
.B kprobe -p 81 'p:myopen do_sys_open mode=%cx:u16'
|
103
|
+
.TP
|
104
|
+
Trace do_sys_open() with filename string:
|
105
|
+
#
|
106
|
+
.B kprobe 'p:myopen do_sys_open filename=+0(%si):string'
|
107
|
+
.TP
|
108
|
+
Trace do_sys_open() for filenames ending in "stat":
|
109
|
+
#
|
110
|
+
.B kprobe 'p:myopen do_sys_open fn=+0(%si):string' 'fn ~ """*stat"""'
|
111
|
+
.TP
|
112
|
+
Trace tcp_retransmit_skb() and show kernel stack traces, showing the path that led to it (can help explain why):
|
113
|
+
#
|
114
|
+
.B kprobe \-s 'p:myprobe tcp_retransmit_skb'
|
115
|
+
.SH FIELDS
|
116
|
+
The output format depends on the kernel version, and headings can be printed
|
117
|
+
using \-H. The format is the same as the ftrace function trace format, described
|
118
|
+
in the kernel source under Documentation/trace/ftrace.txt.
|
119
|
+
|
120
|
+
Typical fields are:
|
121
|
+
.TP
|
122
|
+
TASK-PID
|
123
|
+
The process name (which could include dashes), a dash, and the process ID.
|
124
|
+
.TP
|
125
|
+
CPU#
|
126
|
+
The CPU ID, in brackets.
|
127
|
+
.TP
|
128
|
+
||||
|
129
|
+
Kernel state flags. For example, on Linux 3.16 these are for irqs-off,
|
130
|
+
need-resched, hardirq/softirq, and preempt-depth.
|
131
|
+
.TP
|
132
|
+
TIMESTAMP
|
133
|
+
Time of event, in seconds.
|
134
|
+
.TP
|
135
|
+
FUNCTION
|
136
|
+
Kernel function name.
|
137
|
+
.SH OVERHEAD
|
138
|
+
This can generate a lot of trace data quickly, depending on the
|
139
|
+
frequency of the traced events. Such data will cause performance overheads.
|
140
|
+
This also works without buffering by default, printing function events
|
141
|
+
as they happen (uses trace_pipe), context switching and consuming CPU to do
|
142
|
+
so. If needed, you can try the "\-d secs" option, which buffers events
|
143
|
+
instead, reducing overhead. If you think the buffer option is losing events,
|
144
|
+
try increasing the buffer size (buffer_size_kb).
|
145
|
+
|
146
|
+
It's a good idea to use funccount(8) first, which is lower overhead, to
|
147
|
+
help you select which functions you may want to trace using kprobe(8).
|
148
|
+
.SH SOURCE
|
149
|
+
This is from the perf-tools collection:
|
150
|
+
.IP
|
151
|
+
https://github.com/brendangregg/perf-tools
|
152
|
+
.PP
|
153
|
+
Also look under the examples directory for a text file containing example
|
154
|
+
usage, output, and commentary for this tool.
|
155
|
+
.SH OS
|
156
|
+
Linux
|
157
|
+
.SH STABILITY
|
158
|
+
Unstable - in development.
|
159
|
+
.SH AUTHOR
|
160
|
+
Brendan Gregg
|
161
|
+
.SH SEE ALSO
|
162
|
+
functrace(8), funccount(8)
|
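Review bot: In DESCRIPTION, "it will become to kprobe:<funcname> if not specified" is garbled; the kprobe_definition entry under OPTIONS already has the clean wording ("the tracepoint will become kprobe:<funcname>") and the two should match. SYNOPSIS gives "\-d secs" while OPTIONS documents "\-d seconds". In EXAMPLES, "trace variables names" should be "variable names", and the "-p 81" example leaves the hyphen unescaped while "\-s" a few lines later escapes it. Since \-F removes the available_filter_functions check, its entry could point back to the WARNING paragraph in DESCRIPTION rather than restating part of it.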
@@ -0,0 +1,113 @@
|
|
1
|
+
.TH opensnoop 8 "2014-07-20" "USER COMMANDS"
|
2
|
+
.SH NAME
|
3
|
+
opensnoop \- trace open() syscalls with file details. Uses Linux ftrace.
|
4
|
+
.SH SYNOPSIS
|
5
|
+
.B opensnoop
|
6
|
+
[\-htx] [\-d secs] [\-p pid] [\-L tid] [\-n name] [filename]
|
7
|
+
.SH DESCRIPTION
|
8
|
+
This traces open() syscalls, showing the file name (pathname) and returned file
|
9
|
+
descriptor number (or \-1, for error).
|
10
|
+
|
11
|
+
This implementation is designed to work on older kernel versions, and without
|
12
|
+
kernel debuginfo. It works by dynamic tracing of the return value of getname()
|
13
|
+
as a string, and associating it with the following open() syscall return.
|
14
|
+
This approach is kernel version specific, and may not work on your version.
|
15
|
+
It is a workaround, and proof of concept for ftrace, until more kernel tracing
|
16
|
+
functionality is available.
|
17
|
+
|
18
|
+
Since this uses ftrace, only the root user can use this tool.
|
19
|
+
.SH REQUIREMENTS
|
20
|
+
FTRACE and KPROBE CONFIG, the syscalls:sys_exit_open tracepoint, and the
|
21
|
+
getname() kernel function. You may already have these enabled and available
|
22
|
+
on recent Linux kernels. And awk.
|
23
|
+
.SH OPTIONS
|
24
|
+
.TP
|
25
|
+
\-d secs
|
26
|
+
Set the duration of tracing, in seconds. Trace output will be buffered and
|
27
|
+
printed at the end. This also reduces overheads by buffering in-kernel,
|
28
|
+
instead of printing events as they occur.
|
29
|
+
|
30
|
+
The ftrace buffer has a fixed size per-CPU (see
|
31
|
+
/sys/kernel/debug/tracing/buffer_size_kb). If you think events are missing,
|
32
|
+
try increasing that size.
|
33
|
+
.TP
|
34
|
+
\-h
|
35
|
+
Print usage message.
|
36
|
+
.TP
|
37
|
+
\-n name
|
38
|
+
Only show processes matching this process name. Partial strings and regular
|
39
|
+
expressions are allowed. This is post-filtered using awk.
|
40
|
+
.TP
|
41
|
+
\-p PID
|
42
|
+
Only trace this process ID. This is filtered in-kernel.
|
43
|
+
.TP
|
44
|
+
\-L TID
|
45
|
+
Only trace this thread ID. This is filtered in-kernel.
|
46
|
+
.TP
|
47
|
+
\-t
|
48
|
+
Include timestamps, in seconds.
|
49
|
+
.TP
|
50
|
+
\-x
|
51
|
+
Only print failed open()s.
|
52
|
+
.TP
|
53
|
+
filename
|
54
|
+
Only show open()s which match this filename. Partial strings and regular
|
55
|
+
expressions are allowed. This is post-filtered using awk.
|
56
|
+
.SH EXAMPLES
|
57
|
+
.TP
|
58
|
+
Trace all open() syscalls with details:
|
59
|
+
#
|
60
|
+
.B opensnoop
|
61
|
+
.TP
|
62
|
+
Only trace open()s for PID 81:
|
63
|
+
#
|
64
|
+
.B opensnoop -p 81
|
65
|
+
.TP
|
66
|
+
Trace failed open() syscalls:
|
67
|
+
#
|
68
|
+
.B opensnoop -x
|
69
|
+
.TP
|
70
|
+
Trace open() syscalls for filenames containing "conf":
|
71
|
+
#
|
72
|
+
.B opensnoop conf
|
73
|
+
.TP
|
74
|
+
Trace open() syscalls for filenames ending in "log":
|
75
|
+
#
|
76
|
+
.B opensnoop 'log$'
|
77
|
+
.SH FIELDS
|
78
|
+
.TP
|
79
|
+
TIMEs
|
80
|
+
Time of open() completion, in units of seconds.
|
81
|
+
.TP
|
82
|
+
COMM
|
83
|
+
Process name (if known).
|
84
|
+
.TP
|
85
|
+
PID
|
86
|
+
Process ID.
|
87
|
+
.TP
|
88
|
+
FD
|
89
|
+
File descriptor. If this is a successful open, the file descriptor number is
|
90
|
+
shown. If this is unsuccessful, -1 is shown. Numbers beginning with 0x are
|
91
|
+
hexadecimal.
|
92
|
+
.TP
|
93
|
+
FILE
|
94
|
+
Filename (pathname) used by the open() syscall.
|
95
|
+
.SH OVERHEAD
|
96
|
+
This reads and open() syscalls and getname() kernel functions as they occur.
|
97
|
+
For high rates of opens (> 500/s), the overhead may begin to be measurable.
|
98
|
+
Test yourself. You can use the \-d mode to buffer output, reducing overheads.
|
99
|
+
.SH SOURCE
|
100
|
+
This is from the perf-tools collection.
|
101
|
+
.IP
|
102
|
+
https://github.com/brendangregg/perf-tools
|
103
|
+
.PP
|
104
|
+
Also look under the examples directory for a text file containing example
|
105
|
+
usage, output, and commentary for this tool.
|
106
|
+
.SH OS
|
107
|
+
Linux
|
108
|
+
.SH STABILITY
|
109
|
+
Unstable - in development.
|
110
|
+
.SH AUTHOR
|
111
|
+
Brendan Gregg
|
112
|
+
.SH SEE ALSO
|
113
|
+
execsnoop(8), strace(1)
|
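Review bot: In OVERHEAD, "This reads and open() syscalls and getname() kernel functions as they occur" is missing a word after "reads and". SYNOPSIS uses lowercase "\-p pid" and "\-L tid" while OPTIONS documents "\-p PID" and "\-L TID". Hyphen escaping is inconsistent: EXAMPLES has "opensnoop -p 81" and "opensnoop -x", and the FD field says "-1 is shown", whereas DESCRIPTION and SYNOPSIS use "\-1" and "\-p". REQUIREMENTS ends with the fragment "And awk."; folding it into the previous sentence would read better.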
@@ -0,0 +1,111 @@
|
|
1
|
+
.TH perf-stat-hist 8 "2014-07-07" "USER COMMANDS"
|
2
|
+
.SH NAME
|
3
|
+
perf-stat-hist \- histogram summary of tracepoint values. Uses Linux perf_events.
|
4
|
+
.SH SYNOPSIS
|
5
|
+
.B perf-stat-hist
|
6
|
+
[-h] [-b buckets|-P power] [-m max] tracepoint variable [seconds]
|
7
|
+
.SH DESCRIPTION
|
8
|
+
This is a proof-of-concept showing in-kernel histograms using Linux perf_events
|
9
|
+
(aka the "perf" command), on older kernels where perf_events does not have
|
10
|
+
this native capability.
|
11
|
+
|
12
|
+
These histograms show the distribution of variable, allowing details
|
13
|
+
including multiple modes and outliers to be studied.
|
14
|
+
|
15
|
+
This uses multiple counting tracepoints with different filters, one for each
|
16
|
+
histogram bucket. While this is summarized in-kernel, the use of multiple
|
17
|
+
tracepoints does add addiitonal overhead. Hopefully, in the
|
18
|
+
future this this functionality will be provided in an efficient way from
|
19
|
+
perf_events itself, at which point this tool can be deleted or rewritten.
|
20
|
+
.SH REQUIREMENTS
|
21
|
+
Linux perf_events: add linux-tools-common, run "perf", then add any additional
|
22
|
+
packages it requests. Also uses awk.
|
23
|
+
.SH OPTIONS
|
24
|
+
.TP
|
25
|
+
\-h
|
26
|
+
Usage message.
|
27
|
+
.TP
|
28
|
+
\-b buckets
|
29
|
+
Specify a list of bucket points for the histogram as a string (eg, "10 500
|
30
|
+
1000"). The histogram will include buckets for less-than the minimum, and
|
31
|
+
greater-than-or-equal-to the maximum. If a single value is specified, two
|
32
|
+
statistics only are gathered: for less-than and for greater-than-or-equal-to.
|
33
|
+
The overhead is relative to the number of buckets, so only specifying a
|
34
|
+
single value costs the lowest overhead.
|
35
|
+
.TP
|
36
|
+
\-P power
|
37
|
+
Power for power-of histogram. By default, a power-of-4 histogram is created.
|
38
|
+
This and the \-b option are exclusive.
|
39
|
+
.TP
|
40
|
+
\-m max
|
41
|
+
Max value for power-of histograms.
|
42
|
+
.TP
|
43
|
+
tracepoint
|
44
|
+
Tracepoint specification. Eg, syscalls:sys_enter_read.
|
45
|
+
.TP
|
46
|
+
variable
|
47
|
+
The tracepoint variable name to summarize. To see what are available, cat the
|
48
|
+
format file under /sys/kernel/debug/tracing/events/*/*/format.
|
49
|
+
.TP
|
50
|
+
seconds
|
51
|
+
Number of seconds to trace. If not specified, this runs until Ctrl-C.
|
52
|
+
.SH EXAMPLES
|
53
|
+
.TP
|
54
|
+
Trace read() syscalls until Ctrl-C, and show histogram of requested size:
|
55
|
+
#
|
56
|
+
.B perf\-stat\-hist syscalls:sys_enter_read count
|
57
|
+
.TP
|
58
|
+
Trace read() syscall completions until Ctrl-C, and show histogram of successful returned size:
|
59
|
+
#
|
60
|
+
.B perf\-stat\-hist syscalls:sys_exit_read ret
|
61
|
+
.TP
|
62
|
+
Trace read() return sizes for 10 seconds, showing histogram:
|
63
|
+
#
|
64
|
+
.B perf\-stat\-hist syscalls:sys_exit_read ret 10
|
65
|
+
.TP
|
66
|
+
Trace network transmits until Ctrl-C, and show histogram of packet size:
|
67
|
+
#
|
68
|
+
.B perf\-stat\-hist net:net_dev_xmit len
|
69
|
+
.TP
|
70
|
+
Trace read() return sizes, using a power-of-10 histogram:
|
71
|
+
.B perf\-stat\-hist \-P 10 syscalls:sys_exit_read ret
|
72
|
+
.TP
|
73
|
+
Trace read() return sizes, using a power-of-2 histogram, and a max of 1024:
|
74
|
+
.B perf\-stat\-hist \-P 2 \-m 1024 syscalls:sys_exit_read ret
|
75
|
+
.TP
|
76
|
+
Trace read() return sizes, using the specified bucket points:
|
77
|
+
.B perf\-stat\-hist \-b """10 50 100 5000""" syscalls:sys_exit_read ret
|
78
|
+
.TP
|
79
|
+
Trace read() return sizes, and bifurcate statistics by the value 10:
|
80
|
+
.B perf-stat-hist \-b 10 syscalls:sys_exit_read ret
|
81
|
+
.SH FIELDS
|
82
|
+
.TP
|
83
|
+
Range
|
84
|
+
Range of the histogram bucket, in units of the variable specified.
|
85
|
+
.TP
|
86
|
+
Count
|
87
|
+
Number of occurrences (tracepoint events) of the variable in this range.
|
88
|
+
.TP
|
89
|
+
Distribution
|
90
|
+
ASCII histogram representation of the Count column.
|
91
|
+
.SH OVERHEAD
|
92
|
+
While the counts are performed in-kernel, there is one tracepoint used per
|
93
|
+
histogram bucket, so the overheads are higher than usual (relative to the
|
94
|
+
number of buckets) than function counting using perf stat. The lowest
|
95
|
+
overhead is when \-b is used to specify one bucket only, bifurcating
|
96
|
+
statistics.
|
97
|
+
.SH SOURCE
|
98
|
+
This is from the perf-tools collection.
|
99
|
+
.IP
|
100
|
+
https://github.com/brendangregg/perf-tools
|
101
|
+
.PP
|
102
|
+
Also look under the examples directory for a text file containing example
|
103
|
+
usage, output, and commentary for this tool.
|
104
|
+
.SH OS
|
105
|
+
Linux
|
106
|
+
.SH STABILITY
|
107
|
+
Unstable - in development.
|
108
|
+
.SH AUTHOR
|
109
|
+
Brendan Gregg
|
110
|
+
.SH SEE ALSO
|
111
|
+
perf(1)
|
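Review bot: In EXAMPLES, the last four entries (from "using a power-of-10 histogram" onward) omit the "#" prompt line that the first four examples carry, so the rendered page will show them differently. DESCRIPTION has the typos "addiitonal" and "this this functionality", and "the distribution of variable" needs an article. SYNOPSIS leaves every option hyphen unescaped ("[-h] [-b buckets|-P power] [-m max]") while OPTIONS uses "\-b", "\-P" and "\-m", and the final example writes "perf-stat-hist" where the others write "perf\-stat\-hist". The OVERHEAD sentence "higher than usual (relative to the number of buckets) than function counting" has a doubled comparison and should be reworded.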
@@ -0,0 +1,49 @@
|
|
1
|
+
.TH reset-ftrace 8 "2014-07-07" "USER COMMANDS"
|
2
|
+
.SH NAME
|
3
|
+
reset-ftrace \- reset state of ftrace, disabling all tracing. Written for Linux ftrace.
|
4
|
+
.SH SYNOPSIS
|
5
|
+
.B reset-ftrace
|
6
|
+
[\-fhq]
|
7
|
+
.SH DESCRIPTION
|
8
|
+
This resets the state of various ftrace files, and shows the before and after
|
9
|
+
state.
|
10
|
+
|
11
|
+
This may only be of use to ftrace hackers who, in the process of developing
|
12
|
+
ftrace software, often get the subsystem into a partially active state, and
|
13
|
+
would like a quick way to reset state. Check the end of this script for the
|
14
|
+
actually files reset, and add more if you need.
|
15
|
+
|
16
|
+
WARNING: Only use this if and when you are sure that there are no other active
|
17
|
+
ftrace sessions on your system, as otherwise it will kill them.
|
18
|
+
.SH REQUIREMENTS
|
19
|
+
FTRACE CONFIG.
|
20
|
+
.SH OPTIONS
|
21
|
+
.TP
|
22
|
+
\-f
|
23
|
+
Force. If the ftrace lock file exists (/var/tmp/.ftrace-lock), delete it.
|
24
|
+
.TP
|
25
|
+
\-h
|
26
|
+
Print usage message.
|
27
|
+
.TP
|
28
|
+
\-q
|
29
|
+
Quiet. Run, but don't print any output.
|
30
|
+
.SH EXAMPLES
|
31
|
+
.TP
|
32
|
+
Reset various ftrace files:
|
33
|
+
#
|
34
|
+
.B reset-ftrace
|
35
|
+
.SH SOURCE
|
36
|
+
This is from the perf-tools collection.
|
37
|
+
.IP
|
38
|
+
https://github.com/brendangregg/perf-tools
|
39
|
+
.PP
|
40
|
+
Also look under the examples directory for a text file containing example
|
41
|
+
usage, output, and commentary for this tool.
|
42
|
+
.SH OS
|
43
|
+
Linux
|
44
|
+
.SH STABILITY
|
45
|
+
Unstable - in development.
|
46
|
+
.SH AUTHOR
|
47
|
+
Brendan Gregg
|
48
|
+
.SH SEE ALSO
|
49
|
+
perf(1)
|
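Review bot: The \-f entry in OPTIONS only says the lock file /var/tmp/.ftrace-lock is deleted; it should say what that lock is for and refer to the WARNING in DESCRIPTION, since a reader scanning OPTIONS alone gets no hint that forcing can affect another active ftrace session. In DESCRIPTION, "the actually files reset" should be "the actual files reset". SEE ALSO lists only perf(1) for a tool that the NAME line says is written for ftrace; a reference to the other ftrace-based pages in this collection would be more useful.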
@@ -0,0 +1,96 @@
|
|
1
|
+
.TH syscount 8 "2014-07-07" "USER COMMANDS"
|
2
|
+
.SH NAME
|
3
|
+
syscount \- count system calls. Uses Linux perf_events.
|
4
|
+
.SH SYNOPSIS
|
5
|
+
.B syscount
|
6
|
+
[\-chv] [\-t top] {\-p PID|\-d seconds|command}
|
7
|
+
.SH DESCRIPTION
|
8
|
+
This is a proof-of-concept using perf_events capabilities for older kernel
|
9
|
+
versions, that lack custom in-kernel aggregations. Once they exist, this
|
10
|
+
script can be substantially rewritten and improved (lower overhead).
|
11
|
+
.SH REQUIREMENTS
|
12
|
+
Linux perf_events: add linux-tools-common, run "perf", then
|
13
|
+
add any additional packages it requests. Also needs awk.
|
14
|
+
.SH OPTIONS
|
15
|
+
.TP
|
16
|
+
\-c
|
17
|
+
Show counts by syscall name. This mode (without -v) uses in-kernel counts, which
|
18
|
+
have lower overhead than the default mode.
|
19
|
+
.TP
|
20
|
+
\-h
|
21
|
+
Usage message.
|
22
|
+
.TP
|
23
|
+
\-v
|
24
|
+
Verbose: include PID.
|
25
|
+
.TP
|
26
|
+
\-p PID
|
27
|
+
Trace this process ID only.
|
28
|
+
.TP
|
29
|
+
\-d seconds
|
30
|
+
Duration of trace in seconds.
|
31
|
+
.TP
|
32
|
+
command
|
33
|
+
Run and trace this command.
|
34
|
+
.SH EXAMPLES
|
35
|
+
.TP
|
36
|
+
Trace and summarize syscalls by process name:
|
37
|
+
#
|
38
|
+
.B syscount
|
39
|
+
.TP
|
40
|
+
Trace and summarize syscalls by syscall name (lower overhead):
|
41
|
+
#
|
42
|
+
.B syscount \-c
|
43
|
+
.TP
|
44
|
+
Trace for 5 seconds, showing by process name:
|
45
|
+
#
|
46
|
+
.B syscount \-d 5
|
47
|
+
.TP
|
48
|
+
Trace PID 932 only, and show by syscall name (lower overhead):
|
49
|
+
#
|
50
|
+
.B syscount \-cp 923
|
51
|
+
.TP
|
52
|
+
Execute the """ls""" command, and show by syscall name:
|
53
|
+
#
|
54
|
+
.B syscount -c ls
|
55
|
+
.SH FIELDS
|
56
|
+
.TP
|
57
|
+
PID
|
58
|
+
Process ID.
|
59
|
+
.TP
|
60
|
+
COMM
|
61
|
+
Process command name.
|
62
|
+
.TP
|
63
|
+
SYSCALL
|
64
|
+
Syscall name.
|
65
|
+
.TP
|
66
|
+
COUNT
|
67
|
+
Number of syscalls during tracing.
|
68
|
+
.SH OVERHEAD
|
69
|
+
Modes that report syscall names only (\-c, \-cp PID, \-cd secs) have
|
70
|
+
lower overhead, since they use in-kernel counts. Other modes which report
|
71
|
+
process IDs (\-cv) or process names (default) create a perf.data file for
|
72
|
+
post processing, and you will see messages about it doing this. Beware of
|
73
|
+
the file size (test for short durations, or use \-c to see counts based on
|
74
|
+
in-kernel counters), and gauge overheads based on the perf.data size.
|
75
|
+
|
76
|
+
Note that this script delibrately does not pipe perf record into
|
77
|
+
perf script, which would avoid perf.data, because it can create a feedback
|
78
|
+
loop where the perf script syscalls are recorded. Hopefully there will be a
|
79
|
+
fix for this in a later perf version, so perf.data can be skipped, or other
|
80
|
+
kernel features to aggregate by process name in-kernel directly (eg, via
|
81
|
+
eBPF, ktap, or SystemTap).
|
82
|
+
.SH SOURCE
|
83
|
+
This is from the perf-tools collection.
|
84
|
+
.IP
|
85
|
+
https://github.com/brendangregg/perf-tools
|
86
|
+
.PP
|
87
|
+
Also look under the examples directory for a text file containing example
|
88
|
+
usage, output, and commentary for this tool.
|
89
|
+
.SH OS
|
90
|
+
Linux
|
91
|
+
.SH STABILITY
|
92
|
+
Unstable - in development.
|
93
|
+
.SH AUTHOR
|
94
|
+
Brendan Gregg
|
95
|
+
.SH SEE ALSO
|
96
|
+
iosnoop(8), iolatency(8), iostat(1)
|
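Review bot: In EXAMPLES, the description "Trace PID 932 only" does not match its command "syscount \-cp 923"; one of the two PIDs is a typo. SYNOPSIS lists "[\-t top]" but OPTIONS has no \-t entry, so the option is undocumented. In OVERHEAD, "delibrately" is misspelled. SEE ALSO points at iosnoop(8), iolatency(8) and iostat(1), which are disk I/O tools and look copied from another page; perf(1) would fit the REQUIREMENTS text better. The last example also writes "syscount -c ls" with an unescaped hyphen while the others use "\-c".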