dtrace oneliners
# dtrace_oneliners.txt - DTrace one liners. Handy commands. | |
# | |
# 25-Apr-2005, ver 0.70 (first release) | |
# | |
# Standard Disclaimer: This is freeware, use at your own risk. | |
# | |
# 25-Apr-2005 Brendan Gregg Created this. | |
# | |
# Contents | |
# | |
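DTrace One Liners,
# (These probes observe every process on the system: they need root or the
# platform's DTrace privileges, and their output can include other users'
# command lines and file paths, so handle captured output as sensitive.)
#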
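# New processes with arguments,
# (pr_psargs keeps only the first 80 characters of the command line recorded at
# exec time, so long argument lists are cut short in this output)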
dtrace -n 'proc:::exec-success { trace(curpsinfo->pr_psargs); }' | |
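# Files opened by process,
# (entry probe: logs every open attempt, including ones that fail, and prints
# the path string exactly as the process passed it, not the resolved path)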
dtrace -n 'syscall::open*:entry { printf("%s %s",execname,copyinstr(arg0)); }' | |
# Syscall count by program, | |
dtrace -n 'syscall:::entry { @num[execname] = count(); }' | |
# Syscall count by syscall, | |
dtrace -n 'syscall:::entry { @num[probefunc] = count(); }' | |
# Syscall count by process, | |
dtrace -n 'syscall:::entry { @num[pid,execname] = count(); }' | |
# Read bytes by process, | |
dtrace -n 'sysinfo:::readch { @bytes[execname] = sum(arg0); }' | |
# Write bytes by process, | |
dtrace -n 'sysinfo:::writech { @bytes[execname] = sum(arg0); }' | |
# Read size distribution by process, | |
dtrace -n 'sysinfo:::readch { @dist[execname] = quantize(arg0); }' | |
# Write size distribution by process, | |
dtrace -n 'sysinfo:::writech { @dist[execname] = quantize(arg0); }' | |
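# Disk size by process,
# (io:::start can fire outside the context of the process that requested the
# I/O, e.g. for asynchronous writes, so pid and execname may name another process)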
dtrace -n 'io:::start { printf("%d %s %d",pid,execname,args[0]->b_bcount); }' | |
# Pages paged in by process, | |
dtrace -n 'vminfo:::pgpgin { @pg[execname] = sum(arg0); }' | |
# Minor faults by process, | |
dtrace -n 'vminfo:::as_fault { @mem[execname] = sum(arg0); }' | |
# Interrupts by CPU, | |
dtrace -n 'sdt:::interrupt-start { @num[cpu] = count(); }' | |
DTrace Longer One Liners, | |
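# New processes with arguments and time,
# (syscall::exec*:return also fires when the exec call fails; use
# proc:::exec-success, as in the short one-liner, to log only successful execs)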
dtrace -qn 'syscall::exec*:return { printf("%Y %s\n",walltimestamp,curpsinfo->pr_psargs); }' | |
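# Successful signal details,
# (prints sender execname, -signal number, target PID; the /pid/ predicate skips
# signals sent from PID 0)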
dtrace -n 'proc:::signal-send /pid/ { printf("%s -%d %d",execname,args[2],args[1]->pr_pid); }' | |
# | |
# Examples | |
# | |
### New processes with arguments, | |
# dtrace -n 'proc:::exec-success { trace(curpsinfo->pr_psargs); }' | |
dtrace: description 'proc:::exec-success ' matched 1 probe | |
CPU ID FUNCTION:NAME | |
0 3297 exec_common:exec-success man ls | |
0 3297 exec_common:exec-success sh -c cd /usr/share/man; tbl /usr/share/man/man1/ls.1 |neqn /usr/share/lib/pub/ | |
0 3297 exec_common:exec-success tbl /usr/share/man/man1/ls.1 | |
0 3297 exec_common:exec-success neqn /usr/share/lib/pub/eqnchar - | |
0 3297 exec_common:exec-success nroff -u0 -Tlp -man - | |
0 3297 exec_common:exec-success col -x | |
0 3297 exec_common:exec-success sh -c trap '' 1 15; /usr/bin/mv -f /tmp/mpzIaOZF /usr/share/man/cat1/ls.1 2> /d | |
0 3297 exec_common:exec-success /usr/bin/mv -f /tmp/mpzIaOZF /usr/share/man/cat1/ls.1 | |
0 3297 exec_common:exec-success sh -c more -s /tmp/mpzIaOZF | |
0 3297 exec_common:exec-success more -s /tmp/mpzIaOZF | |
### Files opened by process, | |
# dtrace -n 'syscall::open*:entry { printf("%s %s",execname,copyinstr(arg0)); }' | |
dtrace: description 'syscall::open*:entry ' matched 2 probes | |
CPU ID FUNCTION:NAME | |
0 14 open:entry gnome-netstatus- /dev/kstat | |
0 14 open:entry man /var/ld/ld.config | |
0 14 open:entry man /lib/libc.so.1 | |
0 14 open:entry man /usr/share/man/man.cf | |
0 14 open:entry man /usr/share/man/windex | |
0 14 open:entry man /usr/share/man/man1/ls.1 | |
0 14 open:entry man /usr/share/man/man1/ls.1 | |
0 14 open:entry man /tmp/mpqea4RF | |
0 14 open:entry sh /var/ld/ld.config | |
0 14 open:entry sh /lib/libc.so.1 | |
0 14 open:entry neqn /var/ld/ld.config | |
0 14 open:entry neqn /lib/libc.so.1 | |
0 14 open:entry neqn /usr/share/lib/pub/eqnchar | |
0 14 open:entry tbl /var/ld/ld.config | |
0 14 open:entry tbl /lib/libc.so.1 | |
0 14 open:entry tbl /usr/share/man/man1/ls.1 | |
0 14 open:entry nroff /var/ld/ld.config | |
[...] | |
### Syscall count by program, | |
# dtrace -n 'syscall:::entry { @num[execname] = count(); }' | |
dtrace: description 'syscall:::entry ' matched 228 probes | |
^C | |
snmpd 1 | |
utmpd 2 | |
inetd 2 | |
nscd 7 | |
svc.startd 11 | |
sendmail 31 | |
poold 133 | |
dtrace 1720 | |
### Syscall count by syscall, | |
# dtrace -n 'syscall:::entry { @num[probefunc] = count(); }' | |
dtrace: description 'syscall:::entry ' matched 228 probes | |
^C | |
fstat 1 | |
setcontext 1 | |
lwp_park 1 | |
schedctl 1 | |
mmap 1 | |
sigaction 2 | |
pset 2 | |
lwp_sigmask 2 | |
gtime 3 | |
sysconfig 3 | |
write 4 | |
brk 6 | |
pollsys 7 | |
p_online 558 | |
ioctl 579 | |
### Syscall count by process, | |
# dtrace -n 'syscall:::entry { @num[pid,execname] = count(); }' | |
dtrace: description 'syscall:::entry ' matched 228 probes | |
^C | |
1109 svc.startd 1 | |
4588 svc.startd 2 | |
7 svc.startd 2 | |
3950 svc.startd 2 | |
1626 nscd 2 | |
870 svc.startd 2 | |
82 nscd 6 | |
5011 sendmail 10 | |
6010 poold 74 | |
8707 dtrace 1720 | |
### Read bytes by process, | |
# dtrace -n 'sysinfo:::readch { @bytes[execname] = sum(arg0); }' | |
dtrace: description 'sysinfo:::readch ' matched 4 probes | |
^C | |
mozilla-bin 16 | |
gnome-smproxy 64 | |
metacity 64 | |
dsdm 64 | |
wnck-applet 64 | |
xscreensaver 96 | |
gnome-terminal 900 | |
ttymon 5952 | |
Xorg 17544 | |
### Write bytes by process, | |
# dtrace -n 'sysinfo:::writech { @bytes[execname] = sum(arg0); }' | |
dtrace: description 'sysinfo:::writech ' matched 4 probes | |
^C | |
dtrace 1 | |
gnome-settings-d 8 | |
xscreensaver 8 | |
gnome-panel 8 | |
nautilus 8 | |
date 29 | |
wnck-applet 120 | |
bash 210 | |
mozilla-bin 1497 | |
ls 1947 | |
metacity 3172 | |
Xorg 7424 | |
gnome-terminal 51955 | |
### Read size distribution by process, | |
# dtrace -n 'sysinfo:::readch { @dist[execname] = quantize(arg0); }' | |
dtrace: description 'sysinfo:::readch ' matched 4 probes | |
^C | |
[...] | |
gnome-terminal | |
value ------------- Distribution ------------- count | |
16 | 0 | |
32 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 15 | |
64 |@@@ 1 | |
128 | 0 | |
Xorg | |
value ------------- Distribution ------------- count | |
-1 | 0 | |
0 |@@@@@@@@@@@@@@@@@@@ 26 | |
1 | 0 | |
2 | 0 | |
4 | 0 | |
8 |@@@@ 6 | |
16 |@ 2 | |
32 |@ 2 | |
64 | 0 | |
128 |@@@@@@@@ 11 | |
256 |@@@ 4 | |
512 | 0 | |
### Write size distribution by process, | |
# dtrace -n 'sysinfo:::writech { @dist[execname] = quantize(arg0); }' | |
dtrace: description 'sysinfo:::writech ' matched 4 probes | |
^C | |
[...] | |
Xorg | |
value ------------- Distribution ------------- count | |
16 | 0 | |
32 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 169 | |
64 |@@@ 16 | |
128 |@@ 10 | |
256 | 0 | |
gnome-terminal | |
value ------------- Distribution ------------- count | |
0 | 0 | |
1 |@@ 6 | |
2 | 0 | |
4 | 0 | |
8 | 1 | |
16 |@ 2 | |
32 |@@@ 7 | |
64 | 0 | |
128 |@@@@@@@@@@@@@@@@@@@@@@@ 63 | |
256 |@@@@ 10 | |
512 | 1 | |
1024 |@@@@@ 13 | |
2048 |@ 2 | |
4096 |@@@ 7 | |
### Disk size by process, | |
# dtrace -n 'io:::start { printf("%d %s %d",pid,execname,args[0]->b_bcount); }' | |
0 3271 bdev_strategy:start 16459 tar 1024 | |
0 3271 bdev_strategy:start 16459 tar 1024 | |
0 3271 bdev_strategy:start 16459 tar 2048 | |
0 3271 bdev_strategy:start 16459 tar 1024 | |
0 3271 bdev_strategy:start 16459 tar 1024 | |
0 3271 bdev_strategy:start 16459 tar 1024 | |
0 3271 bdev_strategy:start 16459 tar 8192 | |
0 3271 bdev_strategy:start 16459 tar 8192 | |
0 3271 bdev_strategy:start 16459 tar 16384 | |
0 3271 bdev_strategy:start 16459 tar 2048 | |
0 3271 bdev_strategy:start 16459 tar 1024 | |
0 3271 bdev_strategy:start 16459 tar 1024 | |
### Pages paged in by process, | |
# dtrace -n 'vminfo:::pgpgin { @pg[execname] = sum(arg0); }' | |
dtrace: description 'vminfo:::pgpgin ' matched 1 probe | |
^C | |
ttymon 1 | |
bash 1 | |
mozilla-bin 36 | |
tar 6661 | |
### Minor faults by process, | |
# dtrace -n 'vminfo:::as_fault { @mem[execname] = sum(arg0); }' | |
dtrace: description 'vminfo:::as_fault ' matched 1 probe | |
^C | |
mozilla-bin 18 | |
dtrace 57 | |
find 64 | |
bash 150 | |
tar 501 | |
### Interrupts by CPU, | |
# dtrace -n 'sdt:::interrupt-start { @num[cpu] = count(); }' | |
dtrace: description 'sdt:::interrupt-start ' matched 1 probe | |
^C | |
513 2 | |
515 4 | |
3 39 | |
2 39 | |
### New processes with arguments and time, | |
# dtrace -qn 'syscall::exec*:return { printf("%Y %s\n",walltimestamp,curpsinfo->pr_psargs); }' | |
2005 Apr 25 19:15:09 man ls | |
2005 Apr 25 19:15:09 sh -c cd /usr/share/man; tbl /usr/share/man/man1/ls.1 |... | |
2005 Apr 25 19:15:09 neqn /usr/share/lib/pub/eqnchar - | |
2005 Apr 25 19:15:09 tbl /usr/share/man/man1/ls.1 | |
2005 Apr 25 19:15:09 nroff -u0 -Tlp -man - | |
2005 Apr 25 19:15:09 col -x | |
2005 Apr 25 19:15:10 sh -c trap '' 1 15; /usr/bin/mv -f /tmp/mpRZaqTF /usr/s... | |
2005 Apr 25 19:15:10 /usr/bin/mv -f /tmp/mpRZaqTF /usr/share/man/cat1/ls.1 | |
2005 Apr 25 19:15:10 sh -c more -s /tmp/mpRZaqTF | |
2005 Apr 25 19:15:10 more -s /tmp/mpRZaqTF | |
[...] | |
### Successful signal details, | |
# dtrace -n 'proc:::signal-send /pid/ { printf("%s -%d %d",execname,args[2],args[1]->pr_pid); }' | |
dtrace: description 'proc:::signal-send ' matched 1 probe | |
CPU ID FUNCTION:NAME | |
0 3303 sigtoproc:signal-send bash -15 16442 | |
0 3303 sigtoproc:signal-send bash -9 16443 | |
^C | |