SystemTap で特定のプロセスが発行したシステムコールを表示する

スクリプトを用意する

  • targeted.stp
probe syscall.* {
        if ( pid() == target() )
        printf("Syscall: %s\n",name)
}

実行してみる

$ ping localhost
$ ps -elf|grep [p]ing
4 S oracle    3198  3169  0  75   0 -   493 416062 00:44 pts/0    00:00:00 ping localhost
# stap ./targeted.stp -x 3198
Syscall: gettimeofday
Syscall: gettimeofday
Syscall: sendmsg
Syscall: recvmsg
Syscall: write
Syscall: gettimeofday
Syscall: recvmsg
Syscall: gettimeofday
Syscall: gettimeofday
Syscall: sendmsg
Syscall: recvmsg
Syscall: write
Syscall: gettimeofday
Syscall: recvmsg
Syscall: gettimeofday
Syscall: gettimeofday
Syscall: sendmsg
Syscall: recvmsg
Syscall: write
Syscall: gettimeofday
Syscall: recvmsg
...