Systemtap
跳转到导航
跳转到搜索
参数
-v- 显示详情。默认什么都不显示的。
-t- 显示时间统计;在时间超限时显示实际等待的时间
脚本示例
信号
显示信号收发情况:
#!/usr/bin/env stap
probe signal.send {
printf("%s was sent to %s (pid:%d) by %s uid:%d\n",
sig_name, pid_name, sig_pid, execname(), uid())
}
I/O
每隔一秒显示进程 I/O 统计:
#!/usr/bin/env stap
global reads, writes, total_io
probe vfs.read.return {
reads[execname(), pid()] += bytes_read
}
probe vfs.write.return {
writes[execname(), pid()] += bytes_written
}
probe timer.s(1) {
foreach([name, pid] in writes){
total_io_w += writes[name, pid]
total_io[name, pid] += writes[name, pid]
}
foreach([name, pid] in reads){
total_io_r += reads[name, pid]
total_io[name, pid] += reads[name, pid]
}
printf ("%23s\t%10s\t%10s\n", "Process(pid)", "KB Read", "KB Written")
foreach([name, pid] in total_io- limit 10)
printf("%16s(%5d)\t%10d\t%10d\n", name, pid,
reads[name, pid]/1024, writes[name, pid]/1024)
printf("%23s\t%10d\t%10d\n", "(TOTAL)", total_io_r/1024, total_io_w/1024)
#delete reads
#delete writes
#delete total_io
print("\n")
}
资源使用可能超过限制,因此要放宽这些限制:
stap -v iolog.stp -DMAXMAPENTRIES=10240 -DTRYLOCKDELAY=1000 -DMAXACTION=400
网络
在指定进程向 UNIX 域套接字发送数据时打印其一一个对端的 pid(当前 PID 空间中):
probe kernel.function("unix_stream_sendmsg").return {
if(pid() == 21856){
printf("%d\n", $sock->sk->sk_peer_pid->numbers[0]->nr);
}
}
内核选项
要支持用户空间支持,旧内核需要 utrace 补丁,新内核(>= 3.5)[1][2]打开 Kernel hacking -> Tracers -> Enable uprobes-based dynamic events 选项即可。
参见
外部链接
- SystemTap Examples
- SystemTap Tapset Reference Manual
- ScriptsTools - Systemtap Wiki
- Tag: Systemtap | Erlang非业余研究
- Linux下方便的socket读写查看器(socktop) | Erlang非业余研究
- SystemTap Language Reference
- 有用的 SystemTap 脚本 - SegmentFault
- openresty/nginx-systemtap-toolkit: Real-time analyzing and diagnosing tools for Nginx based on SystemTap
- disk 100% busy,谁造成的? | Linux Performance