maurorappa/gist:652b5234881684f6a6d5f646f757af86

## gistfile1.txt
Check all available kernel tracepoints, for example:

  # cat /sys/kernel/debug/tracing/events/syscalls/sys_enter_adjtimex/format
    name: sys_enter_adjtimex
    ID: 345
    format:
    …..
    field:int common_pid;   offset:4;       size:4; signed:1;

    …..

Run this oneliner using bpftrace utility:

    # bpftrace -e 'tracepoint:syscalls:sys_enter_adjtimex {printf("clock adjusted by pid %d\n",pid)}'
    Attaching 1 probe...
    clock adjusted by pid 199758
    clock adjusted by pid 199758
    clock adjusted by pid 199758
    clock adjusted by pid 199758
	Check all available kernel tracepoints, for example:

	# cat /sys/kernel/debug/tracing/events/syscalls/sys_enter_adjtimex/format
	name: sys_enter_adjtimex
	ID: 345
	format:
	…..
	field:int common_pid; offset:4; size:4; signed:1;

	…..

	Run this oneliner using bpftrace utility:

	# bpftrace -e 'tracepoint:syscalls:sys_enter_adjtimex {printf("clock adjusted by pid %d\n",pid)}'
	Attaching 1 probe...
	clock adjusted by pid 199758
	clock adjusted by pid 199758
	clock adjusted by pid 199758
	clock adjusted by pid 199758