#!/usr/bin/python # # syncsnoop Trace sync() syscall. # For Linux, uses BCC, eBPF. Embedded C. # # Written as a basic example of BCC trace & reformat. See # examples/hello_world.py for a BCC trace with default output example. # # Copyright (c) 2015 Brendan Gregg. # Licensed under the Apache License, Version 2.0 (the "License") # # 13-Aug-2015 Brendan Gregg Created this. from __future__ import print_function from bpf import BPF import sys # load BPF program b = BPF(text = """ int do_sync(void *ctx) { bpf_trace_printk("sync()\\n"); return 0; }; """) b.attach_kprobe(event="sys_sync") # header print("%-18s %s" % ("TIME(s)", "CALL")) # open trace pipe try: trace = open("/sys/kernel/debug/tracing/trace_pipe", "r") except: print("ERROR: opening trace_pipe", file=sys.stderr) exit(1) # format output while 1: try: line = trace.readline().rstrip() except KeyboardInterrupt: pass; exit() prolog, time_s, colon, word = line.rsplit(" ", 3) time_s = time_s[:-1] # strip trailing ":" print("%-18s %s" % (time_s, word))