1syscount.bt(8)              System Manager's Manual             syscount.bt(8)
2
3
4

NAME

6       syscount.bt - Count system calls. Uses bpftrace/eBPF.
7

SYNOPSIS

9       syscount.bt
10

DESCRIPTION

12       This  counts system calls (syscalls), printing a summary of the top ten
13       syscall IDs, and the top ten process names making syscalls. This can be
14       helpful  for characterizing the kernel and resource workload, and find‐
15       ing applications who are using syscalls inefficiently.
16
17       This works by using the tracepoint:raw_syscalls:sys_enter tracepoint.
18
19       Since this uses BPF, only the root user can use this tool.
20

REQUIREMENTS

22       CONFIG_BPF and bpftrace.
23

EXAMPLES

25       Count system calls until Ctrl-C is hit:
26              # syscount.bt
27

OUTPUT

29       Top 10 syscalls IDs:
30              This shows the syscall ID number (in @syscall[]) followed  by  a
31              count  for  this syscall during tracing. To see the syscall name
32              for that ID, you can use "ausyscall --dump", or the bcc  version
33              of this tool that does translations.
34
35       Top 10 processes:
36              This  shows the process name (in @process[]) followed by a count
37              of syscalls during tracing.
38

OVERHEAD

40       For most applications, the overhead should be manageable if  they  per‐
41       form  1000's or even 10,000's of syscalls per second. For higher rates,
42       the overhead may  become  considerable.  For  example,  tracing  a  mi‐
43       crobenchmark  loop  of  4  million calls to geteuid(), slows it down by
44       2.4x. However, this represents tracing a workload that  has  a  syscall
45       rate of over 4 million syscalls per second per CPU, which should not be
46       typical (in one large cloud production environment,  rates  of  between
47       10k  and 50k are typical, where the application overhead is expected to
48       be closer to 1%).
49
50       For comparison, strace(1) in its  current  ptrace-based  implementation
51       (which  it  has  had for decades) runs the same geteuid() workload 102x
52       slower (that's one hundred and two times slower).
53

SOURCE

55       This is from bpftrace.
56
57              https://github.com/iovisor/bpftrace
58
59       Also look in the bpftrace distribution for  a  companion  _examples.txt
60       file containing example usage, output, and commentary for this tool.
61
62       This  is  a bpftrace version of the bcc tool of the same name.  The bcc
63       version provides different command line  options,  and  translates  the
64       syscall IDs to their syscall names.
65
66              https://github.com/iovisor/bcc
67

OS

69       Linux
70

STABILITY

72       Unstable - in development.
73

AUTHOR

75       Brendan Gregg
76

SEE ALSO

78       strace(1)
79
80
81
82USER COMMANDS                     2018-09-06                    syscount.bt(8)
Impressum