HiveBrain v1.2.0
Get Started
← Back to all entries
snippetbashTip

bpftrace — High-level tracing language for Linux eBPF. More information: <https://github.com/bpftrace/bpftrace/

Submitted by: @import:tldr-pages··
0
Viewed 0 times
commandlanguagelevelclihighforbpftracetracing
linux

Problem

How to use the bpftrace command: High-level tracing language for Linux eBPF. More information: <https://github.com/bpftrace/bpftrace/blob/master/man/adoc/bpftrace.adoc>.

Solution

bpftrace — High-level tracing language for Linux eBPF. More information: <https://github.com/bpftrace/bpftrace/blob/master/man/adoc/bpftrace.adoc>.

List all available probes:
sudo bpftrace -l


Run a one-liner program (e.g. syscall count by program):
sudo bpftrace -e '{{tracepoint:raw_syscalls:sys_enter { @[comm] = count(); }}}'


Run a program from a file:
sudo bpftrace {{path/to/file}}


Trace a program by PID:
sudo bpftrace -e '{{tracepoint:raw_syscalls:sys_enter /pid == 123/ { @[comm] = count(); }}}'


Do a dry run and display the output in eBPF format:
sudo bpftrace -d -e '{{one_line_program}}'


Display version:
bpftrace {{[-V|--version]}}

Code Snippets

List all available probes

sudo bpftrace -l

Run a one-liner program (e.g. syscall count by program)

sudo bpftrace -e '{{tracepoint:raw_syscalls:sys_enter { @[comm] = count(); }}}'

Run a program from a file

sudo bpftrace {{path/to/file}}

Trace a program by PID

sudo bpftrace -e '{{tracepoint:raw_syscalls:sys_enter /pid == 123/ { @[comm] = count(); }}}'

Do a dry run and display the output in eBPF format

sudo bpftrace -d -e '{{one_line_program}}'

Context

tldr-pages: linux/bpftrace

Revisions (0)

No revisions yet.