Reputation: 61
How can I filter process name in bpftrace?
I'm currently trying to learn how to use BPF tools with the book "BPF performance Tools" Its really complet and really interesting.
At the end of some chapter there are some optionnal exercices..but there is no solution. I also checked the github repo.
So i need your help to get the exercices done....I'm already struggling with the second question to run execsnoop as some arguments seems to be deleted..
i tried to run an bpftrace one-liner with the code from the execsnoop.bt :
sudo bpftrace -o output.txt -e 'BEGIN {printf("%-10s %-5s %s\n", "TIME(ms)", "PID", "ARGS"); } t:syscalls:sys_enter_exec* { printf("%-10u %-5d ", elapsed / 1e6, pid); join(args->argv); } interval:s:60 { exit(); }'
As you can see, i found out to set up a duration with the exit() function.
but now im stuck to filter with the process name, i dont know how to make a filter with this one-liner.
i thought it was simple with /comm == "man"/ right after the syscall tracepoint but that's not how its work.
Edit: As a bonus question..if anyone knows if there is any solutions for the optionnal exercices from the book directly it will be very helpful.
Upvotes: 3
Views: 1117
Answers (1)
Reputation: 61
Here the solution, i dont know what i missed last time but it works as expected
sudo bpftrace -o output.txt -e 'BEGIN {printf("%-10s %-5s %s\n", "TIME(ms)", "PID", "ARGS"); } t:syscalls:sys_enter_exec* /comm == "man"/ { printf("%-10u %-5d ", elapsed / 1e6, pid); join(args->argv); } interval:s:60 { exit(); }'
Upvotes: 3
Related Questions
- How do I profile C++ code running on Linux?
- How do I delete an exported environment variable?
- How to kill a process running on particular port in Linux?
- How to change the output color of echo in Linux
- How do I exclude a directory when using `find`?
- How can I recursively find all files in current and subfolders based on wildcard matching?
- How do I recursively grep all directories and subdirectories?