43 lines
1.1 KiB
Plaintext
43 lines
1.1 KiB
Plaintext
Demonstrations of syscount, the Linux bpftrace/eBPF version.
|
|
|
|
|
|
syscount counts system calls, and prints summaries of the top ten syscall IDs,
|
|
and the top ten process names making syscalls. For example:
|
|
|
|
# ./syscount.bt
|
|
Attaching 3 probes...
|
|
Counting syscalls... Hit Ctrl-C to end.
|
|
^C
|
|
Top 10 syscalls IDs:
|
|
@syscall[6]: 36862
|
|
@syscall[21]: 42189
|
|
@syscall[13]: 44532
|
|
@syscall[12]: 58456
|
|
@syscall[9]: 82113
|
|
@syscall[8]: 95575
|
|
@syscall[5]: 147658
|
|
@syscall[3]: 163269
|
|
@syscall[2]: 270801
|
|
@syscall[4]: 326333
|
|
|
|
Top 10 processes:
|
|
@process[rm]: 14360
|
|
@process[tail]: 16011
|
|
@process[objtool]: 20767
|
|
@process[fixdep]: 28489
|
|
@process[as]: 48982
|
|
@process[gcc]: 90652
|
|
@process[command-not-fou]: 172874
|
|
@process[sh]: 270515
|
|
@process[cc1]: 482888
|
|
@process[make]: 1404065
|
|
|
|
The above output was traced during a Linux kernel build, and the process name
|
|
with the most syscalls was "make" with 1,404,065 syscalls while tracing. The
|
|
highest syscall ID was 4, which is stat().
|
|
|
|
|
|
There is another version of this tool in bcc: https://github.com/iovisor/bcc
|
|
The bcc version provides different command line options, and translates the
|
|
syscall IDs to their syscall names.
|