SystemTap is a tool that allows you to collect and analyze information about a running Linux system.
| SystemTap | |
|---|---|
| Type | Tracing |
| Developer | community |
| Written in | C++ user scripts |
| Operating system | Linux |
| Initial release | 2005 |
| Hardware platform | |
| Latest version | 3.3 [1] (June 8, 2018) |
| License | GNU General Public License |
| Website | sourceware.org/systemtap/ |
Unlike built-in tools such as netstat, ps, and top, SystemTap was designed to provide more options for collecting and presenting information.
SystemTap consists of a command-line interface and a scripting language.
System administrators can use SystemTap to monitor and analyze system performance, and software developers can use SystemTap to analyze application behavior on a running system.
Companies such as Red Hat, IBM, Oracle Corporation, and Hitachi participate in the development of the SystemTap project. [2]
Principle of Operation
The main idea of SystemTap is to label events and assign handlers to them.
While the script runs, SystemTap monitors the events, and as soon as an event occurs, the system kernel executes its handler.
Events can be the beginning or end of a SystemTap session, a timer, and others.
A handler is a sequence of script statements that will be executed after an event is triggered. Typically, handlers extract information from the context of an event or display information on the screen.
The SystemTap session begins when we execute the script. At this time, the following sequence of actions occurs:
- First, SystemTap checks the library of “tapsets” for the ones used in the script;
- Then SystemTap translates the script into C and runs the system compiler to create the kernel module from the script;
- SystemTap loads the module and activates all events in the script;
- As soon as an event occurs, the event handler is executed;
- When all events are completed, the module is unloaded and the session ends.
Scripts
Events
Synchronous Events
Synchronous events are bound to an instruction in a specific place in the kernel code.
Examples of synchronous events:
- syscall.system_call
- vfs.file_operation
- kernel.function("function")
- module("module").function("function")
Asynchronous Events
Asynchronous events are not tied to a specific instruction or a specific place in the kernel code.
Examples of asynchronous events:
- begin - start of a SystemTap session
- end - end of the SystemTap session
- timer.event() - timer expiry (timer.s(4) - the event will fire every 4 seconds)
Handlers
The event handler is enclosed in braces ({}).
To print to the screen, use the formatted-output function printf("format string\n", arguments), which works like the function of the same name in C.
Some SystemTap functions to use with printf():
- pid() - process ID
- uid() - user ID
- execname() - process name
- cpu() - processor number
Script Example
Script:
```
# Fires on every entry to the open system call
probe syscall.open
{
  # Print the name and PID of the calling process
  printf("%s(%d) open\n", execname(), pid())
}
```
Result:
```
vmware-guestd(2206) open
hald(2360) open
hald(2360) open
hald(2360) open
df(3433) open
df(3433) open
df(3433) open
hald(2360) open
```
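The following added example (not part of the original article) combines the synchronous and asynchronous events described above in one script: instead of printing a line per call, it counts open calls per process and reports the busiest processes every 4 seconds. The array name `opens`, the variable names and the report layout are choices made for this example.

```systemtap
#!/usr/bin/stap
# Added example: per-process open() counts, reported periodically.

# opens[process name, PID, UID] -> number of open calls seen so far
global opens

# Asynchronous event: start of the SystemTap session
probe begin
{
  printf("Counting open calls, press Ctrl-C to stop\n")
}

# Synchronous event: entry to the open system call.
# The handler only updates a counter, so it stays cheap.
probe syscall.open
{
  opens[execname(), pid(), uid()]++
}

# Asynchronous event: fires every 4 seconds.
# "opens-" sorts by value in descending order; "limit 5" keeps the top five.
probe timer.s(4)
{
  printf("--- top processes by open calls (CPU %d) ---\n", cpu())
  foreach ([exe, p, u] in opens- limit 5)
    printf("%-16s pid=%-6d uid=%-6d count=%d\n", exe, p, u, opens[exe, p, u])
  delete opens   # start a fresh window for the next report
}

# Asynchronous event: end of the SystemTap session
probe end
{
  printf("Session finished\n")
}
```

Because the script is compiled into a kernel module and loaded into the running kernel, it needs root privileges or membership in the SystemTap groups to run.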
See also
- DTrace
Notes
1. LKML: "Frank Ch. Eigler": systemtap 3.3 release. lkml.org. Retrieved June 10, 2018.
2. A SystemTap update