Demonstrations of killsnoop, the Linux eBPF/bcc version.


This traces signals sent via the kill() syscall. For example:

# ./killsnoop
TIME      PID    COMM             SIG  TPID   RESULT
12:10:51  13967  bash             9    13885  0
12:11:34  13967  bash             9    1024   -3
12:11:41  815    systemd-udevd    15   14076  0

The first line showed a SIGKILL (9) sent from PID 13967 (a bash shell) to
PID 13885. The result, 0, means success.

The second line showed the same signal sent, this time resulting in a -3
(ESRCH: no such process).

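Added example (not part of the bcc tool or its documentation): a small Python
parser for the output format shown above. It decodes SIG numbers and
negated-errno RESULT values to names and reproduces the -x filter on saved
output. The function names and the sample text are assumptions built from the
rows above.

```python
import errno
import signal
from collections import Counter
from typing import NamedTuple

# Constructed sample: the header and three rows from the trace above.
SAMPLE = """\
TIME      PID    COMM             SIG  TPID   RESULT
12:10:51  13967  bash             9    13885  0
12:11:34  13967  bash             9    1024   -3
12:11:41  815    systemd-udevd    15   14076  0
"""

class KillEvent(NamedTuple):
    time: str
    pid: int
    comm: str
    sig: int
    tpid: int
    result: int

def sig_name(sig):
    """Signal number -> name; signal 0 is the kill() existence probe."""
    try:
        return signal.Signals(sig).name
    except ValueError:
        return "0 (probe)" if sig == 0 else f"SIG{sig}"

def result_name(result):
    """RESULT is 0 on success or a negated errno, as in the -3 row."""
    return "OK" if result == 0 else errno.errorcode.get(-result, str(result))

def parse(text):
    events = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("TIME"):
            continue  # skip blank lines and the column header
        time, pid, rest = line.split(None, 2)
        # COMM may contain spaces, so take the three numeric columns from the right.
        comm, sig, tpid, result = rest.rsplit(None, 3)
        events.append(KillEvent(time, int(pid), comm, int(sig), int(tpid), int(result)))
    return events

def failed(events):
    """Same filter as the tool's -x option, applied to saved output."""
    return [e for e in events if e.result != 0]

def senders(events):
    """Count signals per (sender PID, COMM, signal name) for triage."""
    return Counter((e.pid, e.comm, sig_name(e.sig)) for e in events)

if __name__ == "__main__":
    for e in parse(SAMPLE):
        print(f"{e.time} {e.comm}[{e.pid}] -> {e.tpid}: {sig_name(e.sig)} {result_name(e.result)}")
```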

USAGE message:

# ./killsnoop -h
usage: killsnoop [-h] [-x] [-p PID]

Trace signals issued by the kill() syscall

optional arguments:
  -h, --help         show this help message and exit
  -x, --failed       only show failed kill syscalls
  -p PID, --pid PID  trace this PID only

examples:
    ./killsnoop           # trace all kill() signals
    ./killsnoop -x        # only show failed kills
    ./killsnoop -p 181    # only trace PID 181