-rw-r--r-- | lket.5.in | 50 |
1 files changed, 41 insertions, 9 deletions
@@ -33,7 +33,7 @@ various different ways to generate simple to complex reports. The following sections enumerate the variety of event hooks implemented in LKET and their trace data format. The trace data generated by different -event hooks contains common data +event hooks contain common data as well as some data specific to that event hook. the INT8, INT16, INT32, INT64 and STRING appeared in trace data format @@ -45,13 +45,35 @@ The data common(i.e. in the following subsecions) to all event hooks is: .RS -usec(INT64),(pid<<32 | groupID<<24 | hookID<<16 | cpu_id<<8)(INT64) +.B usec(INT64),(pid<<32 | groupID<<24 | hookID<<16 | cpu_id<<8)(INT64) .RE Each event hook group is a collection of those hooks that have similarities of what they could trace. And the ID of each event hook (HookID) is defined in the context of its corresponding group. +.SS EVENT REGISTER (GROUPID=1) +Event register is not actually an event. It is used to log the +metadata of the trace data, including the extra trace data appended by user. +See +.B EVENT REGISTER +and +.B CUSTOMIZED TRACE DATA +for more details. + +.P +.TP +.B register_sys_event(HOOKID=1) +This is a function used to register event hooks available in LKET. +It should be called from register_event.stp:register_sys_events(). + +.TP +.B register_user_event(HOOKID=2) +This is a function used to log the metadata of the extra +trace data appended by user for a specific event. +It should be called in the probe +.I register_event + .SS SYSTEM CALLS (GROUPID=2) You could use .I addevent.syscall 
@@ -74,10 +96,21 @@ Data format is: .I common_data, syscall_name(STRING) .SS PROCESS CREATION (GROUPID=3) +This group contains three sub event hooks. You could use .I addevent.process -to trace fork and execve of processes. -It contains two sub event hooks: +to trace fork and execve of processes(note that process_snapshot() +won't be included). +.P +.TP +.B process_snapshot()(HOOKID=1) +This event hook isn't a probe definition but a function. It is called +by LKET silently to take a snapshot of all running processes. + +Data format is: + +.I common_data, process_id(INT32), process_name(STRING) + .P .TP .B addevent.process.fork (HOOKID=2) @@ -563,17 +596,16 @@ Here are some examples of using LKET: .TP To turn on all event hooks: -stap -e "probe addevent.* {}" -I /usr/local/share/systemtap/tapsets/LKET -b -M +stap -e "probe addevent.* {}" -I /usr/share/systemtap/tapsets/LKET -bM .TP To probe syscall: -stap -e "probe addevent.syscall {}" -I /usr/local/share/systemtap/tapsets/LKET -b -M +stap -e "probe addevent.syscall {}" -I /usr/share/systemtap/tapsets/LKET -bM .TP To only probe syscall.entry: -stap -e "probe addevent.syscall.entry {}" -I /usr/local/share/systemtap/tapsets/LKET -b -M +stap -e "probe addevent.syscall.entry {}" -I /usr/share/systemtap/tapsets/LKET -bM .TP To probe netdev transmition and log extra data of mac_len and priority: -stap -e "probe addevent.netdev.transmit { printf(\\"%4b%4b\\", skb->mac_len, skb->priority) }" -I /usr/local/share/systemtap/tapsets/LKET -b -M - +stap -e "probe addevent.netdev.transmit { printf(\\"%4b%4b\\", skb->mac_len, skb->priority) }" -I /usr/share/systemtap/tapsets/LKET -bM .SH SEE ALSO .IR stap (1) |
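Review bot: In the hunk at @@ -45,13 +45,35, the new EVENT REGISTER (GROUPID=1) subsection tells the reader to "See EVENT REGISTER and CUSTOMIZED TRACE DATA for more details", which names a section with the same title as the subsection the sentence sits in. The reader cannot tell whether this is a self-reference or a pointer to a separate section of the page. Say explicitly which section is meant, or give this subsection a distinct title. Two smaller points in the same hunk: register_sys_event(HOOKID=1) is documented as called from register_sys_events(), so a word confirming that the singular/plural difference is intentional would help, and the last added sentence ("It should be called in the probe register_event") has no closing period.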
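Review bot: In the hunk at @@ -74,10 +96,21, the new first line of PROCESS CREATION says the group "contains three sub event hooks", but the following sentence excludes process_snapshot() from addevent.process and its entry describes it as a function that LKET calls "silently". The documentation does not say when that call happens or whether HOOKID=1 records are emitted even when addevent.process is not requested. Anyone parsing the trace needs both facts to know when to expect the "common_data, process_id(INT32), process_name(STRING)" records, so please state them in the process_snapshot() entry. There is also a missing space in "processes(note".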
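Review bot: In the hunk at @@ -563,17 +596,16, all four example commands replace one hard-coded tapset path (/usr/local/share/systemtap/tapsets/LKET) with another (/usr/share/systemtap/tapsets/LKET), so the examples will again be wrong for any installation that uses a different prefix. Since the file is lket.5.in, consider deriving the path from the configured install prefix instead of spelling it out, or add a sentence telling the reader to adjust the -I argument to their installation. While these lines are being touched, the context line "To probe netdev transmition" could be corrected to "transmission", and the blank line that used to separate the last example from ".SH SEE ALSO" is dropped by this hunk; confirm that is intended.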