1statsnoop(8)                System Manager's Manual               statsnoop(8)
2
3
4

NAME

6       statsnoop.bt - Trace stat() syscalls. Uses bpftrace/eBPF.
7

SYNOPSIS

9       statsnoop.bt
10

DESCRIPTION

12       statsnoop  traces  the  stat()  syscall,  showing  which  processes are
13       attempting to stat which files. This can be useful for determining  the
14       location  of  config and log files, or for troubleshooting applications
15       that are failing, specially on startup.
16
17       This traces the tracepoints for statfs(), statx(), newstat(), and newl‐
18       stat().  These  aren't  the  only the stat syscalls: if you are missing
19       activity, you may need to add more variants.
20
21       Since this uses BPF, only the root user can use this tool.
22

REQUIREMENTS

24       CONFIG_BPF and bcc.
25

EXAMPLES

27       Trace all stat() syscalls:
28              # statsnoop.bt
29

FIELDS

31       PID Process ID
32
33       TID    Thread ID
34
35       COMM   Process name
36
37       FD     File descriptor (if success), or -1 (if failed)
38
39       ERR    Error number (see the system's errno.h)
40
41       PATH   Stat path
42

OVERHEAD

44       This traces the stat tracepoints and prints output for each  event.  As
45       the  rate of this is generally expected to be low (< 1000/s), the over‐
46       head is also expected to be negligible. If you have an application that
47       is  calling  a  high rate of stat()s, then test and understand overhead
48       before use.
49

SOURCE

51       This is from bpftrace.
52
53              https://github.com/iovisor/bpftrace
54
55       Also look in the bpftrace distribution for  a  companion  _examples.txt
56       file containing example usage, output, and commentary for this tool.
57
58       This  is  a  bpftrace version of the bcc tool of the same name. The bcc
59       tool may provide more options and customizations.
60
61              https://github.com/iovisor/bcc
62

OS

64       Linux
65

STABILITY

67       Unstable - in development.
68

AUTHOR

70       Brendan Gregg
71

SEE ALSO

73       opensnoop(8), execsnoop(8)
74
75
76
77USER COMMANDS                     2018-09-08                      statsnoop(8)
Impressum