Home | History | Annotate | Download | only in tools 
      1 Demonstrations of statsnoop, the Linux eBPF/bcc version.
      2 
      3 
      4 statsnoop traces the different stat() syscalls system-wide, and prints various
      5 details. Example output:
      6 
      7 # ./statsnoop 
      8 PID    COMM               FD ERR PATH
      9 31126  bash                0   0 .
     10 31126  bash               -1   2 /usr/local/sbin/iconfig
     11 31126  bash               -1   2 /usr/local/bin/iconfig
     12 31126  bash               -1   2 /usr/sbin/iconfig
     13 31126  bash               -1   2 /usr/bin/iconfig
     14 31126  bash               -1   2 /sbin/iconfig
     15 31126  bash               -1   2 /bin/iconfig
     16 31126  bash               -1   2 /usr/games/iconfig
     17 31126  bash               -1   2 /usr/local/games/iconfig
     18 31126  bash               -1   2 /apps/python/bin/iconfig
     19 31126  bash               -1   2 /mnt/src/llvm/build/bin/iconfig
     20 8902   command-not-fou    -1   2 /usr/bin/Modules/Setup
     21 8902   command-not-fou    -1   2 /usr/bin/lib/python3.4/os.py
     22 8902   command-not-fou    -1   2 /usr/bin/lib/python3.4/os.pyc
     23 8902   command-not-fou     0   0 /usr/lib/python3.4/os.py
     24 8902   command-not-fou    -1   2 /usr/bin/pybuilddir.txt
     25 8902   command-not-fou    -1   2 /usr/bin/lib/python3.4/lib-dynload
     26 8902   command-not-fou     0   0 /usr/lib/python3.4/lib-dynload
     27 8902   command-not-fou     0   0 /apps/python/lib/python2.7/site-packages
     28 8902   command-not-fou     0   0 /apps/python/lib/python2.7/site-packages
     29 8902   command-not-fou     0   0 /apps/python/lib/python2.7/site-packages
     30 8902   command-not-fou     0   0 /usr/lib/python3.4/
     31 8902   command-not-fou     0   0 /usr/lib/python3.4/
     32 [...]
     33 
     34 This output has caught me mistyping a command in another shell, "iconfig"
     35 instead of "ifconfig". The first several lines show the bash shell searching
     36 the $PATH, and failing to find it (ERR == 2 is file not found). Then, a
     37 "command-not-found" program executes (the name is truncated to 16 characters
     38 in the COMM field), which begins the process of searching for and suggesting
     39 a package. ie, this:
     40 
     41 # iconfig
     42 No command 'iconfig' found, did you mean:
     43  Command 'vconfig' from package 'vlan' (main)
     44  Command 'fconfig' from package 'redboot-tools' (universe)
     45  Command 'mconfig' from package 'mono-devel' (main)
     46  Command 'iwconfig' from package 'wireless-tools' (main)
     47  Command 'zconfig' from package 'python-zconfig' (universe)
     48  Command 'ifconfig' from package 'net-tools' (main)
     49 iconfig: command not found
     50 
     51 statsnoop can be used for general debugging, to see what file information has
     52 been requested, and whether those files exist. It can be used as a companion
     53 to opensnoop, which shows what files were actually opened.
     54 
     55 
     56 USAGE message:
     57 
     58 # ./statsnoop -h
     59 usage: statsnoop [-h] [-t] [-x] [-p PID]
     60 
     61 Trace stat() syscalls
     62 
     63 optional arguments:
     64   -h, --help         show this help message and exit
     65   -t, --timestamp    include timestamp on output
     66   -x, --failed       only show failed stats
     67   -p PID, --pid PID  trace this PID only
     68 
     69 examples:
     70     ./statsnoop           # trace all stat() syscalls
     71     ./statsnoop -t        # include timestamps
     72     ./statsnoop -x        # only show failed stats
     73     ./statsnoop -p 181    # only trace PID 181
     74