2 # DTrace OneLiners Examples
5 ### New processes with arguments,
7 # dtrace -n 'proc:::exec-success { trace(curpsinfo->pr_psargs); }'
8 dtrace: description 'proc:::exec-success ' matched 1 probe
10 0 3297 exec_common:exec-success man ls
11 0 3297 exec_common:exec-success sh -c cd /usr/share/man; tbl /usr/share/man/man1/ls.1 |neqn /usr/share/lib/pub/
12 0 3297 exec_common:exec-success tbl /usr/share/man/man1/ls.1
13 0 3297 exec_common:exec-success neqn /usr/share/lib/pub/eqnchar -
14 0 3297 exec_common:exec-success nroff -u0 -Tlp -man -
15 0 3297 exec_common:exec-success col -x
16 0 3297 exec_common:exec-success sh -c trap '' 1 15; /usr/bin/mv -f /tmp/mpzIaOZF /usr/share/man/cat1/ls.1 2> /d
17 0 3297 exec_common:exec-success /usr/bin/mv -f /tmp/mpzIaOZF /usr/share/man/cat1/ls.1
18 0 3297 exec_common:exec-success sh -c more -s /tmp/mpzIaOZF
19 0 3297 exec_common:exec-success more -s /tmp/mpzIaOZF
22 ### Files opened by process,
24 # dtrace -n 'syscall::open*:entry { printf("%s %s",execname,copyinstr(arg0)); }'
25 dtrace: description 'syscall::open*:entry ' matched 2 probes
27 0 14 open:entry gnome-netstatus- /dev/kstat
28 0 14 open:entry man /var/ld/ld.config
29 0 14 open:entry man /lib/libc.so.1
30 0 14 open:entry man /usr/share/man/man.cf
31 0 14 open:entry man /usr/share/man/windex
32 0 14 open:entry man /usr/share/man/man1/ls.1
33 0 14 open:entry man /usr/share/man/man1/ls.1
34 0 14 open:entry man /tmp/mpqea4RF
35 0 14 open:entry sh /var/ld/ld.config
36 0 14 open:entry sh /lib/libc.so.1
37 0 14 open:entry neqn /var/ld/ld.config
38 0 14 open:entry neqn /lib/libc.so.1
39 0 14 open:entry neqn /usr/share/lib/pub/eqnchar
40 0 14 open:entry tbl /var/ld/ld.config
41 0 14 open:entry tbl /lib/libc.so.1
42 0 14 open:entry tbl /usr/share/man/man1/ls.1
43 0 14 open:entry nroff /var/ld/ld.config
47 ### Syscall count by program,
49 # dtrace -n 'syscall:::entry { @num[execname] = count(); }'
50 dtrace: description 'syscall:::entry ' matched 228 probes
62 ### Syscall count by syscall,
64 # dtrace -n 'syscall:::entry { @num[probefunc] = count(); }'
65 dtrace: description 'syscall:::entry ' matched 228 probes
84 ### Syscall count by process,
86 # dtrace -n 'syscall:::entry { @num[pid,execname] = count(); }'
87 dtrace: description 'syscall:::entry ' matched 228 probes
101 ### Read bytes by process,
103 # dtrace -n 'sysinfo:::readch { @bytes[execname] = sum(arg0); }'
104 dtrace: description 'sysinfo:::readch ' matched 4 probes
118 ### Write bytes by process,
120 # dtrace -n 'sysinfo:::writech { @bytes[execname] = sum(arg0); }'
121 dtrace: description 'sysinfo:::writech ' matched 4 probes
139 ### Read size distribution by process,
141 # dtrace -n 'sysinfo:::readch { @dist[execname] = quantize(arg0); }'
142 dtrace: description 'sysinfo:::readch ' matched 4 probes
146 value ------------- Distribution ------------- count
148 32 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 15
153 value ------------- Distribution ------------- count
155 0 |@@@@@@@@@@@@@@@@@@@ 26
168 ### Write size distribution by process,
170 # dtrace -n 'sysinfo:::writech { @dist[execname] = quantize(arg0); }'
171 dtrace: description 'sysinfo:::writech ' matched 4 probes
175 value ------------- Distribution ------------- count
177 32 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 169
183 value ------------- Distribution ------------- count
192 128 |@@@@@@@@@@@@@@@@@@@@@@@ 63
200 ### Disk size by process,
202 # dtrace -n 'io:::start { printf("%d %s %d",pid,execname,args[0]->b_bcount); }'
203 0 3271 bdev_strategy:start 16459 tar 1024
204 0 3271 bdev_strategy:start 16459 tar 1024
205 0 3271 bdev_strategy:start 16459 tar 2048
206 0 3271 bdev_strategy:start 16459 tar 1024
207 0 3271 bdev_strategy:start 16459 tar 1024
208 0 3271 bdev_strategy:start 16459 tar 1024
209 0 3271 bdev_strategy:start 16459 tar 8192
210 0 3271 bdev_strategy:start 16459 tar 8192
211 0 3271 bdev_strategy:start 16459 tar 16384
212 0 3271 bdev_strategy:start 16459 tar 2048
213 0 3271 bdev_strategy:start 16459 tar 1024
214 0 3271 bdev_strategy:start 16459 tar 1024
217 ### Pages paged in by process,
219 # dtrace -n 'vminfo:::pgpgin { @pg[execname] = sum(arg0); }'
220 dtrace: description 'vminfo:::pgpgin ' matched 1 probe
229 ### Minor faults by process,
231 # dtrace -n 'vminfo:::as_fault { @mem[execname] = sum(arg0); }'
232 dtrace: description 'vminfo:::as_fault ' matched 1 probe
242 ### Interrupts by CPU,
244 # dtrace -n 'sdt:::interrupt-start { @num[cpu] = count(); }'
245 dtrace: description 'sdt:::interrupt-start ' matched 1 probe
254 ### New processes with arguments and time,
256 # dtrace -qn 'syscall::exec*:return { printf("%Y %s\n",walltimestamp,curpsinfo->pr_psargs); }'
257 2005 Apr 25 19:15:09 man ls
258 2005 Apr 25 19:15:09 sh -c cd /usr/share/man; tbl /usr/share/man/man1/ls.1 |...
259 2005 Apr 25 19:15:09 neqn /usr/share/lib/pub/eqnchar -
260 2005 Apr 25 19:15:09 tbl /usr/share/man/man1/ls.1
261 2005 Apr 25 19:15:09 nroff -u0 -Tlp -man -
262 2005 Apr 25 19:15:09 col -x
263 2005 Apr 25 19:15:10 sh -c trap '' 1 15; /usr/bin/mv -f /tmp/mpRZaqTF /usr/s...
264 2005 Apr 25 19:15:10 /usr/bin/mv -f /tmp/mpRZaqTF /usr/share/man/cat1/ls.1
265 2005 Apr 25 19:15:10 sh -c more -s /tmp/mpRZaqTF
266 2005 Apr 25 19:15:10 more -s /tmp/mpRZaqTF
270 ### Successful signal details,
272 # dtrace -n 'proc:::signal-send /pid/ { printf("%s -%d %d",execname,args[2],args[1]->pr_pid); }'
273 dtrace: description 'proc:::signal-send ' matched 1 probe
275 0 3303 sigtoproc:signal-send bash -15 16442
276 0 3303 sigtoproc:signal-send bash -9 16443
280 ### Kernel function calls by module,
282 # dtrace -n 'fbt:::entry { @calls[probemod] = count(); }'
283 dtrace: description 'fbt:::entry ' matched 18437 probes