bpftrace
High-level tracing language for Linux eBPF. More information: https://github.com/iovisor/bpftrace.
- Display bpftrace version:
bpftrace -V
- List all available probes:
sudo bpftrace -l
- Run a one-liner program (e.g. syscall count by program):
sudo bpftrace -e '{{tracepoint:raw_syscalls:sys_enter { @[comm] = count(); }}}'
- Run a program from a file:
sudo bpftrace {{path/to/file}}
- Trace a program by PID:
sudo bpftrace -e '{{tracepoint:raw_syscalls:sys_enter /pid == 123/ { @[comm] = count(); }}}'
- Do a dry run and display the output in eBPF format:
sudo bpftrace -d -e '{{one_line_program}}'