1killsnoop(8) System Manager's Manual killsnoop(8)
2
3
4
6 killsnoop - Trace signals issued by the kill() syscall. Uses Linux
7 eBPF/bcc.
8
10 killsnoop [-h] [-x] [-p PID] [-T PID] [-s SIGNAL]
11
13 killsnoop traces the kill() syscall, to show signals sent via this
14 method. This may be useful to troubleshoot failing applications, where
15 an unknown mechanism is sending signals.
16
17 This works by tracing the kernel sys_kill() function using dynamic
18 tracing, and will need updating to match any changes to this function.
19
20 This makes use of a Linux 4.4 feature (bpf_perf_event_output()); for
21 kernels older than 4.4, see the version under tools/old, which uses an
22 older mechanism.
23
24 Since this uses BPF, only the root user can use this tool.
25
27 CONFIG_BPF and bcc.
28
30 -h Print usage message.
31
32 -x Only print failed kill() syscalls.
33
34 -p PID Trace this process ID only which is the sender of signal (fil‐
35 tered in-kernel).
36
37 -T PID Trace this target process ID only which is the receiver of sig‐
38 nal (filtered in-kernel).
39
40 -s SIGNAL
41 Trace this signal only (filtered in-kernel).
42
44 Trace all kill() syscalls:
45 # killsnoop
46
47 Trace only kill() syscalls that failed:
48 # killsnoop -x
49
50 Trace PID 181 only:
51 # killsnoop -p 181
52
53 Trace target PID 189 only:
54 # killsnoop -T 189
55
56 Trace signal 9 only:
57 # killsnoop -s 9
58
60 TIME Time of the kill call.
61
62 PID Source process ID
63
64 COMM Source process name
65
66 SIG Signal number. See signal(7).
67
68 TPID Target process ID
69
70 RES Result. 0 == success, a negative value (of the error code) for
71 failure.
72
74 This traces the kernel kill function and prints output for each event.
75 As the rate of this is generally expected to be low (< 100/s), the
76 overhead is also expected to be negligible. If you have an application
77 that is calling a very high rate of kill()s for some reason, then test
78 and understand overhead before use.
79
81 This is from bcc.
82
83 https://github.com/iovisor/bcc
84
85 Also look in the bcc distribution for a companion _examples.txt file
86 containing example usage, output, and commentary for this tool.
87
89 Linux
90
92 Unstable - in development.
93
95 Brendan Gregg
96
98 opensnoop(8), funccount(8)
99
100
101
102USER COMMANDS 2015-08-20 killsnoop(8)