Wednesday Mar 22, 2006

Welcome to the dtrace "one liners" blog from BUD

DTrace itself is a powerful framework within Solaris 10 (and higher) which enables us to get a deeper view into the operating system, the system calls launched by applications, and anything else which provides a dtrace probe.

The documentation of the dtrace framework is detailed and very good for anyone who wants to get more deeply involved with the framework and the corresponding language "D".

Additionally, there are a bunch of great resources for more information on dtrace.

A lot of customers I get in contact with are overwhelmed by the complexity and the additional learning curve needed to be able to leverage the dtrace framework. On the other side, my work doing firefighting for performance/availability and security problems (wrong, there are no problems, only challenges) gets me in contact with a suitable amount of challenges which dtrace sheds some more detailed light on. So I will start to combine the corresponding "one line dtrace scripts" I discover within this (hopefully) rising blog.

The one-liners are sorted into categories:

  • a set of dtrace lines gathering info for the "whole" system, useful for getting an overview of what the system is used for

  • another set of dtrace lines gathering data for one process. Let us call this an extension of truss

dtrace one-liners for "who is doing what"

dtrace -n 'syscall:::entry { trace(probefunc) }' -> list all syscalls with their process ids for the whole system
dtrace -n 'syscall:::entry { trace(execname) }' -> list all syscalls with their execname... again system wide... perfect for "who is doing what"
dtrace -n 'xcalls { trace(pid); trace(execname) }' -> list all programs triggering an xcall... again system wide

dtrace one-liners for "what is doing who"

dtrace -n 'syscall:::entry /execname == "Xsun"/ { trace(probefunc) }' -> list all system calls of the process named Xsun... close to a truss, but catching the Xsun... you might, for example, be able to select "all apaches" with one line.
dtrace -n 'syscall:::entry { @syscalls[probefunc] = count(); }' -> counts all system calls system wide; if you enter a /execname == "program"/ before the { you are able to match a specific program/daemon/execname
dtrace -n 'syscall::write:entry { @[execname] = quantize(arg2); }' -> uses the quantize function to display the I/O size in bytes of any write by any execname (daemon/program) on the system
dtrace -n 'syscall:::entry { self->ts = timestamp; } syscall:::return /self->ts/ { @time[probefunc] = lquantize(timestamp - self->ts, 0, 60000, 1000); self->ts = 0; }' -> displays the time spent in any system call (cool)

Well, it basically is always the same:

  • probe in the form of syscall:::entry/return
  • action to take in {}
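The same probe / predicate / action pattern written out as a D script, as an added example that is not from the original post: it watches one process name, counts and times its system calls, and lists the calls that failed together with their errno. The script name `whatis.d` and passing the process name as the first argument (`$$1`) are assumptions made for the illustration.

```d
#!/usr/sbin/dtrace -s
/*
 * Added example, not from the original post.
 * Assumption: the process name to watch is passed as the first argument,
 * e.g.  ./whatis.d Xsun     (the script name is hypothetical)
 */
#pragma D option quiet

/* probe + predicate + action: remember when this thread entered the call */
syscall:::entry
/execname == $$1/
{
        self->ts = timestamp;
}

/* failed calls: errno is set on return; clauses run in program order */
syscall:::return
/self->ts && errno != 0/
{
        @failed[probefunc, errno] = count();
}

/* every timed call: count it, add up its time, then clear the timestamp */
syscall:::return
/self->ts/
{
        @calls[probefunc] = count();
        @nsecs[probefunc] = sum(timestamp - self->ts);
        self->ts = 0;
}

/* runs when the script is stopped with Ctrl-C */
dtrace:::END
{
        printf("%-20s %s\n", "SYSCALL", "CALLS");
        printa("%-20s %@d\n", @calls);
        printf("\n%-20s %s\n", "SYSCALL", "TOTAL NS");
        printa("%-20s %@d\n", @nsecs);
        printf("\n%-20s %-6s %s\n", "SYSCALL", "ERRNO", "FAILURES");
        printa("%-20s %-6d %@d\n", @failed);
}
```

A burst of failing calls from a daemon that normally runs clean is often the first visible sign of a misconfiguration or of something probing for access it does not have.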

Later on I will bring some examples on dtrace for networking.

cu BUD

This blog copyright 2009 by bud