| syscount(8) | System Manager's Manual | syscount(8) |
NAME¶
syscount - count system calls. Uses Linux perf_events.SYNOPSIS¶
syscount [-chv] [-t top] {-p PID|-d seconds|command}DESCRIPTION¶
This is a proof-of-concept using perf_events capabilities for older kernel versions, that lack custom in-kernel aggregations. Once they exist, this script can be substantially rewritten and improved (lower overhead).REQUIREMENTS¶
Linux perf_events: add linux-tools-common, run "perf", then add any additional packages it requests. Also needs awk.OPTIONS¶
- -c
- Show counts by syscall name. This mode (without -v) uses in-kernel counts, which have lower overhead than the default mode.
- -h
- Usage message.
- -v
- Verbose: include PID.
- -p PID
- Trace this process ID only.
- -d seconds
- Duration of trace in seconds.
- command
- Run and trace this command.
EXAMPLES¶
- Trace and summarize syscalls by process name:
- # syscount
- Trace and summarize syscalls by syscall name (lower overhead):
- # syscount -c
- Trace for 5 seconds, showing by process name:
- # syscount -d 5
- Trace PID 932 only, and show by syscall name (lower overhead):
- # syscount -cp 923
- Execute the """ls""" command, and show by syscall name:
- # syscount -c ls
FIELDS¶
- PID
- Process ID.
- COMM
- Process command name.
- SYSCALL
- Syscall name.
- COUNT
- Number of syscalls during tracing.
OVERHEAD¶
Modes that report syscall names only (-c, -cp PID, -cd secs) have lower overhead, since they use in-kernel counts. Other modes which report process IDs (-cv) or process names (default) create a perf.data file for post processing, and you will see messages about it doing this. Beware of the file size (test for short durations, or use -c to see counts based on in-kernel counters), and gauge overheads based on the perf.data size.Note that this script delibrately does not pipe perf record into perf script, which would avoid perf.data, because it can create a feedback loop where the perf script syscalls are recorded. Hopefully there will be a fix for this in a later perf version, so perf.data can be skipped, or other kernel features to aggregate by process name in-kernel directly (eg, via eBPF, ktap, or SystemTap).
SOURCE¶
This is from the perf-tools collection.Also look under the examples directory for a text file containing example usage, output, and commentary for this tool.
OS¶
LinuxSTABILITY¶
Unstable - in development.AUTHOR¶
Brendan GreggSEE ALSO¶
iosnoop(8), iolatency(8), iostat(1)| 2014-07-07 | USER COMMANDS |