syscount_example.txt
Demonstrations of syscount, the Linux bpftrace/eBPF version.


syscount counts system calls, and prints summaries of the top ten syscall IDs,
and the top ten process names making syscalls. For example:

# ./syscount.bt
Attaching 3 probes...
Counting syscalls... Hit Ctrl-C to end.
^C
Top 10 syscalls IDs:
@syscall[6]: 36862
@syscall[21]: 42189
@syscall[13]: 44532
@syscall[12]: 58456
@syscall[9]: 82113
@syscall[8]: 95575
@syscall[5]: 147658
@syscall[3]: 163269
@syscall[2]: 270801
@syscall[4]: 326333

Top 10 processes:
@process[rm]: 14360
@process[tail]: 16011
@process[objtool]: 20767
@process[fixdep]: 28489
@process[as]: 48982
@process[gcc]: 90652
@process[command-not-fou]: 172874
@process[sh]: 270515
@process[cc1]: 482888
@process[make]: 1404065

The above output was traced during a Linux kernel build, and the process name
with the most syscalls was "make" with 1,404,065 syscalls while tracing. The
syscall ID with the highest count was 4, which is stat().


There is another version of this tool in bcc: https://github.com/iovisor/bcc

The bcc version provides different command line options, and translates the
syscall IDs to their syscall names.
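Added example, not part of the bpftrace documentation: a small Python parser for the output above that resolves the raw syscall IDs to names, as the text says the bcc version does, and ranks both maps. It assumes x86_64 syscall numbering (where ID 4 is stat(), as stated above); the function names are illustrative and the sample is an excerpt of the output shown on this page.

```python
import re
# Assumption: x86_64 syscall numbers (subset). Other architectures number differently.
X86_64_SYSCALLS = {0: "read", 1: "write", 2: "open", 3: "close", 4: "stat",
                   5: "fstat", 6: "lstat", 8: "lseek", 9: "mmap", 12: "brk",
                   13: "rt_sigaction", 21: "access"}

# A bpftrace map line, e.g. "@syscall[4]: 326333" or "@process[make]: 1404065".
MAP_LINE = re.compile(r"^@(\w+)\[(.+)\]:\s*(\d+)$")

# Excerpt of the output shown on this page (last three entries of each map).
SAMPLE = """\
Top 10 syscalls IDs:
@syscall[3]: 163269
@syscall[2]: 270801
@syscall[4]: 326333

Top 10 processes:
@process[sh]: 270515
@process[cc1]: 482888
@process[make]: 1404065
"""

def parse_maps(text):
    """Return {map_name: {key: count}} for each bpftrace map line in text."""
    maps = {}
    for line in text.splitlines():
        m = MAP_LINE.match(line.strip())
        if m:
            maps.setdefault(m.group(1), {})[m.group(2)] = int(m.group(3))
    return maps

def rank_syscalls(maps, table=X86_64_SYSCALLS):
    """Sort @syscall by count, highest first, resolving IDs to names."""
    rows = sorted(maps.get("syscall", {}).items(), key=lambda kv: -kv[1])
    # Unknown IDs keep their number so nothing is silently dropped.
    return [(table.get(int(k), f"syscall_{k}"), n) for k, n in rows]

def rank_processes(maps):
    """Sort @process by count, with each entry's share of the listed total."""
    procs = maps.get("process", {})
    total = sum(procs.values())
    rows = sorted(procs.items(), key=lambda kv: -kv[1])
    return [(name, n, round(100 * n / total, 1)) for name, n in rows]

if __name__ == "__main__":
    maps = parse_maps(SAMPLE)
    print(rank_syscalls(maps))
    print(rank_processes(maps))
```

The percentages cover only the processes listed in the output, since syscount prints just the top ten of each map.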