.TH syscount 8 "2017-02-15" "USER COMMANDS"
.SH NAME
syscount \- Summarize syscall counts and latencies.
.SH SYNOPSIS
.B syscount [-h] [-p PID] [-i INTERVAL] [-d DURATION] [-T TOP] [-x] [-e ERRNO] [-L] [-m] [-P] [-l]
.SH DESCRIPTION
This tool traces syscall entry and exit tracepoints and summarizes either the
number of syscalls of each type, or the number of syscalls per process. It can
also collect latency (invocation time) for each syscall or each process.

Since this uses BPF, only the root user can use this tool.
.SH REQUIREMENTS
CONFIG_BPF and bcc. Linux 4.7+ is required to attach a BPF program to the
raw_syscalls:sys_{enter,exit} tracepoints, used by this tool.
.SH OPTIONS
.TP
\-h
Print usage message.
.TP
\-p PID
Trace only this process.
.TP
\-i INTERVAL
Print the summary at the specified interval (in seconds).
.TP
\-d DURATION
Total duration of trace (in seconds).
.TP
\-T TOP
Print only this many entries. Default: 10.
.TP
\-x
Trace only failed syscalls (i.e., the return value from the syscall was < 0).
.TP
\-e ERRNO
Trace only syscalls that failed with that error (e.g. -e EPERM or -e 1).
.TP
\-m
Display times in milliseconds. Default: microseconds.
.TP
\-P
Summarize by process and not by syscall.
.TP
\-l
List the syscalls recognized by the tool (hard-coded list). Syscalls beyond this
list will still be displayed, as "[unknown: nnn]" where nnn is the syscall
number.
.SH EXAMPLES
.TP
Summarize all syscalls by syscall:
#
.B syscount
.TP
Summarize all syscalls by process:
#
.B syscount \-P
.TP
Summarize only failed syscalls:
#
.B syscount \-x
.TP
Summarize only syscalls that failed with EPERM:
#
.B syscount \-e EPERM
.TP
Trace PID 181 only:
#
.B syscount \-p 181
.TP
Summarize syscall counts and latencies:
#
.B syscount \-L
.SH FIELDS
.TP
PID
Process ID
.TP
COMM
Process name
.TP
SYSCALL
Syscall name, or "[unknown: nnn]" for syscalls that aren't recognized
.TP
COUNT
The number of events
.TP
TIME
The total elapsed time (in us or ms)
.SH OVERHEAD
For most applications, the overhead should be manageable if they perform 1000s
or even 10,000s of syscalls per second. For higher rates, the overhead may
become considerable. For example, tracing a loop of 4 million calls to geteuid()
slows it down by 1.85x when tracing only syscall counts, and by more than 5x
when tracing syscall counts and latencies. However, this represents
a rate of >3.5 million syscalls per second, which should not be typical.
.SH SOURCE
This is from bcc.
.IP
https://github.com/iovisor/bcc
.PP
Also look in the bcc distribution for a companion _examples.txt file containing
example usage, output, and commentary for this tool.
.SH OS
Linux
.SH STABILITY
Unstable - in development.
.SH AUTHOR
Sasha Goldshtein
.SH SEE ALSO
funccount(8), ucalls(8), argdist(8), trace(8), funclatency(8)
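An added example, not part of the bcc distribution: a Python parser for saved syscount summaries that locates columns by the names in the FIELDS section and lists rows whose COUNT meets a threshold, for instance processes repeatedly failing with EPERM under \-P \-e EPERM. The sample text is constructed, its layout (banner, timestamp line, "(us)" unit suffix) is an assumption, and parse_syscount and noisy are hypothetical helper names.

```python
# Column names taken from the FIELDS section of the man page.
FIELDS = {"PID", "COMM", "SYSCALL", "COUNT", "TIME"}

# Constructed sample (not real output); the layout is an assumption.
SAMPLE = """\
Tracing syscalls, printing top 10... Ctrl+C to quit.
[12:00:01]
PID    COMM               COUNT
181    backup agent          96
2210   sshd                   3
"""

def parse_syscount(text):
    """One dict per data row; columns are located from the header row."""
    rows, header = [], None
    for line in text.splitlines():
        tokens = line.split()
        names = [t for t in tokens if not t.startswith("(")]  # drop "(us)"/"(ms)"
        if "COUNT" in names and set(names) <= FIELDS:
            header = names
            continue
        if header is None:
            continue  # banner text before the first table
        n_head = 1 if header[0] == "PID" else 0
        n_tail = sum(h in ("COUNT", "TIME") for h in header)
        if len(tokens) < n_head + 1 + n_tail:
            continue  # blank, timestamp or status line, not a data row
        try:
            row = {"PID": int(tokens[0])} if n_head else {}
            tail = [float(t) for t in tokens[-n_tail:]]
        except ValueError:
            continue
        # The name column may contain spaces, e.g. "[unknown: 400]".
        row[header[n_head]] = " ".join(tokens[n_head:len(tokens) - n_tail])
        row["COUNT"] = int(tail[0])
        if n_tail == 2:
            row["TIME"] = tail[1]
        rows.append(row)
    return rows

def noisy(rows, threshold):
    """Rows whose COUNT meets the threshold, highest count first."""
    hits = [r for r in rows if r["COUNT"] >= threshold]
    return sorted(hits, key=lambda r: r["COUNT"], reverse=True)

if __name__ == "__main__":
    for r in noisy(parse_syscount(SAMPLE), 50):
        print(r)
```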