bpftrace is a high-level tracing tool for Linux that lets developers and system administrators write short scripts to investigate the behavior of the system, applications, or the kernel using eBPF (Extended Berkeley Packet Filter) technology.
Install bpftrace
Update the package lists:
sudo apt update
Execute the following command to install bpftrace:
sudo apt install -y bpftrace
After installation, we can check the bpftrace version with the following command:
bpftrace --version
Testing bpftrace
bpftrace uses its own scripting language inspired by awk and C, making it approachable for users familiar with those.
To use bpftrace, you write a short script that defines what events to trace and how to respond when they're triggered. For example:
sudo bpftrace -e 'tracepoint:syscalls:sys_enter_openat { @[comm] = count(); }'
This command traces every openat system call and counts how many times each process (by name, comm) makes it. After pressing CTRL+C to stop, you'll see a summary of which processes called openat and how many times.
Output example:
Attaching 1 probe...
^C
@[systemd]: 2
@[systemd-network]: 3
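As an added example (not part of the original page), the script below runs the same one-liner for a fixed number of seconds instead of waiting for CTRL+C, and ranks the callers from the summary. The function names trace_openat and top_callers and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: bounded openat trace plus a parser for the map summary.

# Run the page's one-liner for N seconds (default 10).
# interval:s:N fires after N seconds; exit() ends the trace and prints the map.
trace_openat() {
    case "${1:-10}" in
        ''|*[!0-9]*) echo "seconds must be a whole number" >&2; return 2 ;;
    esac
    sudo bpftrace -e "tracepoint:syscalls:sys_enter_openat { @[comm] = count(); }
                      interval:s:${1:-10} { exit(); }"
}

# Read bpftrace map output ("@[comm]: count") on stdin and print
# "count<TAB>comm" for the N busiest callers (default 5), highest first.
# comm may contain spaces, so the name is cut out by prefix and suffix
# rather than by field. comm is also limited to 15 characters and can be
# changed by the process itself, so treat it as a hint, not an identity.
top_callers() {
    awk '
        /^@\[.*\]: [0-9]+$/ {
            count = $NF                     # last field is the counter
            name = $0
            sub(/^@\[/, "", name)           # drop leading "@["
            sub(/\]: [0-9]+$/, "", name)    # drop trailing "]: N"
            printf "%d\t%s\n", count, name
        }' | sort -t "$(printf '\t')" -k1,1nr -k2,2 | head -n "${1:-5}"
}

# Constructed sample of bpftrace output, so the parser can be tried offline.
SAMPLE_OUTPUT='Attaching 2 probes...

@[systemd]: 2
@[systemd-network]: 3
@[sshd]: 7
@[Web Content]: 41'

# Demo on the constructed sample; on a live system use:
#   trace_openat 10 | top_callers 5
printf '%s\n' "$SAMPLE_OUTPUT" | top_callers 3
```

A process that appears near the top without an obvious reason to open many files is a good starting point for a closer look.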
Uninstall bpftrace
To completely uninstall bpftrace and all its associated dependencies, execute the following command:
sudo apt purge --autoremove -y bpftrace