Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
B
bcc
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
bcc
Commits
0c405db0
Commit
0c405db0
authored
Jan 11, 2018
by
yonghong-song
Committed by
GitHub
Jan 11, 2018
Browse files
Options
Browse Files
Download
Plain Diff
Merge pull request #1526 from luciang/master
tools: syscount: add --errno=EPERM filter
parents
fe86aee7
5426ef24
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
69 additions
and
3 deletions
+69
-3
man/man8/syscount.8
man/man8/syscount.8
+8
-1
tools/syscount.py
tools/syscount.py
+23
-0
tools/syscount_example.txt
tools/syscount_example.txt
+38
-2
No files found.
man/man8/syscount.8
View file @
0c405db0
...
@@ -2,7 +2,7 @@
...
@@ -2,7 +2,7 @@
.SH NAME
.SH NAME
syscount \- Summarize syscall counts and latencies.
syscount \- Summarize syscall counts and latencies.
.SH SYNOPSIS
.SH SYNOPSIS
.B syscount [-h] [-p PID] [-i INTERVAL] [-T TOP] [-x] [-L] [-m] [-P] [-l]
.B syscount [-h] [-p PID] [-i INTERVAL] [-T TOP] [-x] [-
e ERRNO] [-
L] [-m] [-P] [-l]
.SH DESCRIPTION
.SH DESCRIPTION
This tool traces syscall entry and exit tracepoints and summarizes either the
This tool traces syscall entry and exit tracepoints and summarizes either the
number of syscalls of each type, or the number of syscalls per process. It can
number of syscalls of each type, or the number of syscalls per process. It can
...
@@ -29,6 +29,9 @@ Print only this many entries. Default: 10.
...
@@ -29,6 +29,9 @@ Print only this many entries. Default: 10.
\-x
\-x
Trace only failed syscalls (i.e., the return value from the syscall was < 0).
Trace only failed syscalls (i.e., the return value from the syscall was < 0).
.TP
.TP
\-e ERRNO
Trace only syscalls that failed with that error (e.g. -e EPERM or -e 1).
.TP
\-m
\-m
Display times in milliseconds. Default: microseconds.
Display times in milliseconds. Default: microseconds.
.TP
.TP
...
@@ -53,6 +56,10 @@ Summarize only failed syscalls:
...
@@ -53,6 +56,10 @@ Summarize only failed syscalls:
#
#
.B syscount \-x
.B syscount \-x
.TP
.TP
Summarize only syscalls that failed with EPERM:
#
.B syscount \-e EPERM
.TP
Trace PID 181 only:
Trace PID 181 only:
#
#
.B syscount \-p 181
.B syscount \-p 181
...
...
tools/syscount.py
View file @
0c405db0
...
@@ -12,6 +12,7 @@
...
@@ -12,6 +12,7 @@
from
bcc
import
BPF
from
bcc
import
BPF
from
time
import
sleep
,
strftime
from
time
import
sleep
,
strftime
import
argparse
import
argparse
import
errno
import
itertools
import
itertools
import
subprocess
import
subprocess
import
sys
import
sys
...
@@ -368,6 +369,19 @@ except Exception as e:
...
@@ -368,6 +369,19 @@ except Exception as e:
else
:
else
:
raise
Exception
(
"ausyscall: command not found"
)
raise
Exception
(
"ausyscall: command not found"
)
def
handle_errno
(
errstr
):
try
:
return
abs
(
int
(
errstr
))
except
ValueError
:
pass
try
:
return
getattr
(
errno
,
errstr
)
except
AttributeError
:
raise
argparse
.
ArgumentTypeError
(
"couldn't map %s to an errno"
%
errstr
)
parser
=
argparse
.
ArgumentParser
(
parser
=
argparse
.
ArgumentParser
(
description
=
"Summarize syscall counts and latencies."
)
description
=
"Summarize syscall counts and latencies."
)
parser
.
add_argument
(
"-p"
,
"--pid"
,
type
=
int
,
help
=
"trace only this pid"
)
parser
.
add_argument
(
"-p"
,
"--pid"
,
type
=
int
,
help
=
"trace only this pid"
)
...
@@ -377,6 +391,8 @@ parser.add_argument("-T", "--top", type=int, default=10,
...
@@ -377,6 +391,8 @@ parser.add_argument("-T", "--top", type=int, default=10,
help
=
"print only the top syscalls by count or latency"
)
help
=
"print only the top syscalls by count or latency"
)
parser
.
add_argument
(
"-x"
,
"--failures"
,
action
=
"store_true"
,
parser
.
add_argument
(
"-x"
,
"--failures"
,
action
=
"store_true"
,
help
=
"trace only failed syscalls (return < 0)"
)
help
=
"trace only failed syscalls (return < 0)"
)
parser
.
add_argument
(
"-e"
,
"--errno"
,
type
=
handle_errno
,
help
=
"trace only syscalls that return this error (numeric or EPERM, etc.)"
)
parser
.
add_argument
(
"-L"
,
"--latency"
,
action
=
"store_true"
,
parser
.
add_argument
(
"-L"
,
"--latency"
,
action
=
"store_true"
,
help
=
"collect syscall latency"
)
help
=
"collect syscall latency"
)
parser
.
add_argument
(
"-m"
,
"--milliseconds"
,
action
=
"store_true"
,
parser
.
add_argument
(
"-m"
,
"--milliseconds"
,
action
=
"store_true"
,
...
@@ -433,6 +449,11 @@ TRACEPOINT_PROBE(raw_syscalls, sys_exit) {
...
@@ -433,6 +449,11 @@ TRACEPOINT_PROBE(raw_syscalls, sys_exit) {
return 0;
return 0;
#endif
#endif
#ifdef FILTER_ERRNO
if (args->ret != -FILTER_ERRNO)
return 0;
#endif
#ifdef BY_PROCESS
#ifdef BY_PROCESS
u32 key = pid_tgid >> 32;
u32 key = pid_tgid >> 32;
#else
#else
...
@@ -461,6 +482,8 @@ if args.pid:
...
@@ -461,6 +482,8 @@ if args.pid:
text
=
(
"#define FILTER_PID %d
\
n
"
%
args
.
pid
)
+
text
text
=
(
"#define FILTER_PID %d
\
n
"
%
args
.
pid
)
+
text
if
args
.
failures
:
if
args
.
failures
:
text
=
"#define FILTER_FAILED
\
n
"
+
text
text
=
"#define FILTER_FAILED
\
n
"
+
text
if
args
.
errno
:
text
=
"#define FILTER_ERRNO %d
\
n
"
%
abs
(
args
.
errno
)
+
text
if
args
.
latency
:
if
args
.
latency
:
text
=
"#define LATENCY
\
n
"
+
text
text
=
"#define LATENCY
\
n
"
+
text
if
args
.
process
:
if
args
.
process
:
...
...
tools/syscount_example.txt
View file @
0c405db0
...
@@ -106,10 +106,43 @@ access 1
...
@@ -106,10 +106,43 @@ access 1
pause 1
pause 1
^C
^C
Similar to -x/--failures, sometimes you only care about certain syscall
errors like EPERM or ENONET -- these are the ones that might be worth
investigating with follow-up tools like opensnoop, execsnoop, or
trace. Use the -e/--errno switch for this; the following example also
demonstrates the -e switch, for printing ENOENT failures at predefined intervals:
# syscount -e ENOENT -i 5
Tracing syscalls, printing top 10... Ctrl+C to quit.
[13:15:57]
SYSCALL COUNT
stat 4669
open 1951
access 561
lstat 62
openat 42
readlink 8
execve 4
newfstatat 1
[13:16:02]
SYSCALL COUNT
lstat 18506
stat 13087
open 2907
access 412
openat 19
readlink 12
execve 7
connect 6
unlink 1
rmdir 1
^C
USAGE:
USAGE:
# syscount -h
# syscount -h
usage: syscount.py [-h] [-p PID] [-i INTERVAL] [-T TOP] [-x] [-
L] [-m] [-P
]
usage: syscount.py [-h] [-p PID] [-i INTERVAL] [-T TOP] [-x] [-
e ERRNO] [-L
]
[-l]
[-
m] [-P] [-
l]
Summarize syscall counts and latencies.
Summarize syscall counts and latencies.
...
@@ -120,6 +153,9 @@ optional arguments:
...
@@ -120,6 +153,9 @@ optional arguments:
print summary at this interval (seconds)
print summary at this interval (seconds)
-T TOP, --top TOP print only the top syscalls by count or latency
-T TOP, --top TOP print only the top syscalls by count or latency
-x, --failures trace only failed syscalls (return < 0)
-x, --failures trace only failed syscalls (return < 0)
-e ERRNO, --errno ERRNO
trace only syscalls that return this error (numeric or
EPERM, etc.)
-L, --latency collect syscall latency
-L, --latency collect syscall latency
-m, --milliseconds display latency in milliseconds (default:
-m, --milliseconds display latency in milliseconds (default:
microseconds)
microseconds)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment