version 1.26, 2018/07/22 17:18:06
|
version 1.29, 2020/03/30 15:45:00
|
Line 101 Run the hello world script:
|
Line 101 Run the hello world script:
|
dtrace: script './hello.d' matched 1 probe |
dtrace: script './hello.d' matched 1 probe |
CPU ID FUNCTION:NAME |
CPU ID FUNCTION:NAME |
0 1 :BEGIN Hello world |
0 1 :BEGIN Hello world |
|
|
|
The same script could be executed as a one liner on the shell, using |
|
|
|
dtrace -n 'BEGIN { trace("Hello world"); exit(0); }' |
|
|
## A more complex example |
## A more complex example |
|
|
Line 148 made by a process
|
Line 151 made by a process
|
- `execsnoop` - snoop on execution of processes as they occur |
- `execsnoop` - snoop on execution of processes as they occur |
- `opensnoop` - snoop on openning of files as they occur |
- `opensnoop` - snoop on openning of files as they occur |
- `procsystime` - print process system call time details. |
- `procsystime` - print process system call time details. |
|
|
|
## Troubleshooting |
|
|
|
The Compact C Type Format (CTF) has a 2^15 limit on types which can overflow, this prevents DTrace from |
|
working correctly. |
|
|
|
Check the number of types using `ctfdump` e.g |
|
|
|
ctfdump -S /netbsd |
|
|
|
Note the line which states `total number of types`, the value should by less than 32768. |
|
|
|
If overflow is not an issue, `libdtrace(3)` can provide some insight into what is going on via an |
|
environment variable. Define `DTRACE_DEBUG` before tracing. |
|
|
|
env DTRACE_DEBUG= execsnoop |
|
|