From 9e522dfc27872bd28ab5a4f7fbfbfd7cc843e3cb Mon Sep 17 00:00:00 2001
From: ddomingo
Date: Thu, 9 Oct 2008 13:09:55 +1000
Subject: added new stuff
---
 .../en-US/Useful_Scripts-inodewatch.xml | 71 ++++++++++++++++++++++
 .../en-US/Useful_Scripts-inodewatch2.xml | 57 +++++++++++++++++
 .../en-US/Useful_Scripts-paracallgraph.xml | 4 +-
 .../en-US/Useful_Scripts-traceio2.xml | 19 +++++-
 .../en-US/Useful_SystemTap_Scripts.xml | 3 +
 5 files changed, 150 insertions(+), 4 deletions(-)
 create mode 100644 doc/SystemTap_Beginners_Guide/en-US/Useful_Scripts-inodewatch.xml
 create mode 100644 doc/SystemTap_Beginners_Guide/en-US/Useful_Scripts-inodewatch2.xml
(limited to 'doc/SystemTap_Beginners_Guide')
diff --git a/doc/SystemTap_Beginners_Guide/en-US/Useful_Scripts-inodewatch.xml b/doc/SystemTap_Beginners_Guide/en-US/Useful_Scripts-inodewatch.xml
new file mode 100644
index 00000000..96e58bb4
--- /dev/null
+++ b/doc/SystemTap_Beginners_Guide/en-US/Useful_Scripts-inodewatch.xml
@@ -0,0 +1,71 @@
+
+
+
+
+
+ Monitoring Reads and Writes to a File + + + +WAR STORY: monitoring inode activity http://sourceware.org/systemtap/wiki/WSFileMonitor?highlight=((WarStories)) + + + +no script in examples + + + + This section describes how to monitor reads from and writes to a file in real time. + + + inodewatch.stp + + +probe kernel.function ("vfs_write"), + kernel.function ("vfs_read") +{ + dev_nr = $file->f_dentry->d_inode->i_sb->s_dev + inode_nr = $file->f_dentry->d_inode->i_ino + + if (dev_nr == ($1 << 20 | $2) # major/minor device + && inode_nr == $3) + printf ("%s(%d) %s 0x%x/%u\n", + execname(), pid(), probefunc(), dev_nr, inode_nr) +} + + + + + takes the following information about the file as an argument: + + + The file's device number, in integer format. When this is passed to the script as the first argument, be sure to replace any 0 with a space. + + The file's inode number. + + +To get this information, use stat -c '%D %i' filename, where filename is an absolute path. + +For instance: if you wish to monitor /etc/crontab, run stat -c '%D %i' /etc/crontab first. This gives the following output: + + +805 1078319 + + +805 is the device number, while 1078319 is the inode number. To start monitoring /etc/crontab, run stap inodewatch.stp 8 5 1078319. + +The output of this command contains the name and ID of any process performing a read/write, the function it is performing (i.e. vfs_read or vfs_write), the device number (in hex format), and the inode number. contains the output of stap inodewatch.stp 8 5 1078319 (when cat /etc/crontab is executed while the script is running) : + + + + <xref linkend="inodewatch"/> Sample Output + +cat(16437) vfs_read 0x800005/1078319 +cat(16437) vfs_read 0x800005/1078319 + + + + +
+
diff --git a/doc/SystemTap_Beginners_Guide/en-US/Useful_Scripts-inodewatch2.xml b/doc/SystemTap_Beginners_Guide/en-US/Useful_Scripts-inodewatch2.xml
new file mode 100644
index 00000000..300029cc
--- /dev/null
+++ b/doc/SystemTap_Beginners_Guide/en-US/Useful_Scripts-inodewatch2.xml
@@ -0,0 +1,57 @@
+
+
+
+
+
+ Monitoring Changes to File Attributes + + + + WAR STORY: monitoring more inode activity http://sourceware.org/systemtap/wiki/WSFileMonitor2?highlight=((WarStories)) + + + +no script in examples + + + + This section describes how to monitor if any processes are changing the attributes of a targeted file, in real time. + + + inodewatch2.stp + + +global ATTR_MODE = 1 # .... + +probe kernel.function("inode_setattr") { + dev_nr = $inode->i_sb->s_dev + inode_nr = $inode->i_ino + + if (dev_nr == ($1 << 20 | $2) # major/minor device + && inode_nr == $3 + && $attr->ia_valid & ATTR_MODE) + printf ("%s(%d) %s 0x%x/%u %o %d\n", + execname(), pid(), probefunc(), dev_nr, inode_nr, $attr->ia_mode, uid()) + } + + + + +Like from , takes the targeted file's device number (in integer format) and inode number as arguments. For more information on how to retrieve this information, refer to . + +The output for is similar to that of , except that also contains the attribute changes to the monitored file, as well as the ID of the user responsible (uid()). contains shows the output of while monitoring /home/joe/bigfile when user joe executes chmod 777 /home/joe/bigfile and chmod 666 /home/joe/bigfile. + + + + + <xref linkend="inodewatch2"/> Sample Output + +chmod(17448) inode_setattr 0x800005/6011835 100777 500 +chmod(17449) inode_setattr 0x800005/6011835 100666 500 + + + + +
+ diff --git a/doc/SystemTap_Beginners_Guide/en-US/Useful_Scripts-paracallgraph.xml b/doc/SystemTap_Beginners_Guide/en-US/Useful_Scripts-paracallgraph.xml index 4e438d89..3540a2c4 100644 --- a/doc/SystemTap_Beginners_Guide/en-US/Useful_Scripts-paracallgraph.xml +++ b/doc/SystemTap_Beginners_Guide/en-US/Useful_Scripts-paracallgraph.xml @@ -53,9 +53,11 @@ probe kernel.function(@2).return { trace(-1) } The probe function whose entry/exit you'd like to trace (@2). + please verify previous if correct; i'm particularly interested in finding out how to better describe "trigger function" + uses thread_indent(); as such, its output contains the timestamp, process name, and thread ID of @2 (i.e. the probe function you are tracing). For more information about thread_indent(), refer to its entry in . - The following example contains a snippet of the output for stap para-callgraph.stp sys_read '*@fs/*.c': + The following example contains an excerpt from the output for stap para-callgraph.stp sys_read '*@fs/*.c': diff --git a/doc/SystemTap_Beginners_Guide/en-US/Useful_Scripts-traceio2.xml b/doc/SystemTap_Beginners_Guide/en-US/Useful_Scripts-traceio2.xml index d0b91025..68b337f1 100644 --- a/doc/SystemTap_Beginners_Guide/en-US/Useful_Scripts-traceio2.xml +++ b/doc/SystemTap_Beginners_Guide/en-US/Useful_Scripts-traceio2.xml @@ -4,6 +4,19 @@
I/O Monitoring (By Device) + + + example from http://sourceware.org/systemtap/examples/io/traceio2.stp, but error + + + + WAR STORY: http://sourceware.org/systemtap/wiki/WSDeviceMonitor?highlight=((WarStories)), but script errored + + + + was able to correct script through http://sourceware.org/systemtap/wiki/WSFileMonitor?highlight=((WarStories)) + + This section describes how to monitor I/O activity on a specific device. @@ -44,11 +57,11 @@ semantic error: field 'f_dentry' not found inode_nr = $file->f_path->dentry->d_inode->i_ino - takes 2 arguments: the major and minor numbers of the device you wish to monitor. Its output includes the name of the process name, process ID, the function being probes (i.e. vfs_read or vfs_write), and the byte address being read from or written to. + takes 2 arguments: the major and minor numbers of the device you wish to monitor. Its output includes the name and ID of any process performing a read/write, the function it is performing (i.e. vfs_read or vfs_write), and the device number (in hex format). -please verify if "0x800005" is "the byte address being read from or written to" +please verify if "0x800005" is "device number (in hex format)", and why it needs to be stated buy -The following example is a snippet from the output of stap traceio2.stp 8 5, where 8 5 is the MAJOR:MINOR device number of /dev/sda5 (which we determined through cat /sys/block/sda/sda5/dev). +The following example is an excerpt from the full output of stap traceio2.stp 8 5, where 8 5 is the MAJOR:MINOR device number of /dev/sda5 (which we determined through cat /sys/block/sda/sda5/dev). <xref linkend="traceio2"/> Sample Output diff --git a/doc/SystemTap_Beginners_Guide/en-US/Useful_SystemTap_Scripts.xml b/doc/SystemTap_Beginners_Guide/en-US/Useful_SystemTap_Scripts.xml index 3bc44461..d3d592ca 100644 --- a/doc/SystemTap_Beginners_Guide/en-US/Useful_SystemTap_Scripts.xml +++ b/doc/SystemTap_Beginners_Guide/en-US/Useful_SystemTap_Scripts.xml 
@@ -26,6 +26,9 @@ + + +