1235368Sgnn# 2235368Sgnn# DTrace OneLiners Examples 3235368Sgnn# 4235368Sgnn 5235368Sgnn### New processes with arguments, 6235368Sgnn 7235368Sgnn# dtrace -n 'proc:::exec-success { trace(curpsinfo->pr_psargs); }' 8235368Sgnndtrace: description 'proc:::exec-success ' matched 1 probe 9235368SgnnCPU ID FUNCTION:NAME 10235368Sgnn 0 3297 exec_common:exec-success man ls 11235368Sgnn 0 3297 exec_common:exec-success sh -c cd /usr/share/man; tbl /usr/share/man/man1/ls.1 |neqn /usr/share/lib/pub/ 12235368Sgnn 0 3297 exec_common:exec-success tbl /usr/share/man/man1/ls.1 13235368Sgnn 0 3297 exec_common:exec-success neqn /usr/share/lib/pub/eqnchar - 14235368Sgnn 0 3297 exec_common:exec-success nroff -u0 -Tlp -man - 15235368Sgnn 0 3297 exec_common:exec-success col -x 16235368Sgnn 0 3297 exec_common:exec-success sh -c trap '' 1 15; /usr/bin/mv -f /tmp/mpzIaOZF /usr/share/man/cat1/ls.1 2> /d 17235368Sgnn 0 3297 exec_common:exec-success /usr/bin/mv -f /tmp/mpzIaOZF /usr/share/man/cat1/ls.1 18235368Sgnn 0 3297 exec_common:exec-success sh -c more -s /tmp/mpzIaOZF 19235368Sgnn 0 3297 exec_common:exec-success more -s /tmp/mpzIaOZF 20235368Sgnn 21235368Sgnn 22235368Sgnn### Files opened by process, 23235368Sgnn 24235368Sgnn# dtrace -n 'syscall::open*:entry { printf("%s %s",execname,copyinstr(arg0)); }' 25235368Sgnndtrace: description 'syscall::open*:entry ' matched 2 probes 26235368SgnnCPU ID FUNCTION:NAME 27235368Sgnn 0 14 open:entry gnome-netstatus- /dev/kstat 28235368Sgnn 0 14 open:entry man /var/ld/ld.config 29235368Sgnn 0 14 open:entry man /lib/libc.so.1 30235368Sgnn 0 14 open:entry man /usr/share/man/man.cf 31235368Sgnn 0 14 open:entry man /usr/share/man/windex 32235368Sgnn 0 14 open:entry man /usr/share/man/man1/ls.1 33235368Sgnn 0 14 open:entry man /usr/share/man/man1/ls.1 34235368Sgnn 0 14 open:entry man /tmp/mpqea4RF 35235368Sgnn 0 14 open:entry sh /var/ld/ld.config 36235368Sgnn 0 14 open:entry sh /lib/libc.so.1 37235368Sgnn 0 14 open:entry neqn /var/ld/ld.config 38235368Sgnn 0 14 open:entry neqn /lib/libc.so.1 39235368Sgnn 0 14 open:entry neqn /usr/share/lib/pub/eqnchar 40235368Sgnn 0 14 open:entry tbl /var/ld/ld.config 41235368Sgnn 0 14 open:entry tbl /lib/libc.so.1 42235368Sgnn 0 14 open:entry tbl /usr/share/man/man1/ls.1 43235368Sgnn 0 14 open:entry nroff /var/ld/ld.config 44235368Sgnn[...] 45235368Sgnn 46235368Sgnn 47235368Sgnn### Syscall count by program, 48235368Sgnn 49235368Sgnn# dtrace -n 'syscall:::entry { @num[execname] = count(); }' 50235368Sgnndtrace: description 'syscall:::entry ' matched 228 probes 51235368Sgnn^C 52235368Sgnn snmpd 1 53235368Sgnn utmpd 2 54235368Sgnn inetd 2 55235368Sgnn nscd 7 56235368Sgnn svc.startd 11 57235368Sgnn sendmail 31 58235368Sgnn poold 133 59235368Sgnn dtrace 1720 60235368Sgnn 61235368Sgnn 62235368Sgnn### Syscall count by syscall, 63235368Sgnn 64235368Sgnn# dtrace -n 'syscall:::entry { @num[probefunc] = count(); }' 65235368Sgnndtrace: description 'syscall:::entry ' matched 228 probes 66235368Sgnn^C 67235368Sgnn fstat 1 68235368Sgnn setcontext 1 69235368Sgnn lwp_park 1 70235368Sgnn schedctl 1 71235368Sgnn mmap 1 72235368Sgnn sigaction 2 73235368Sgnn pset 2 74235368Sgnn lwp_sigmask 2 75235368Sgnn gtime 3 76235368Sgnn sysconfig 3 77235368Sgnn write 4 78235368Sgnn brk 6 79235368Sgnn pollsys 7 80235368Sgnn p_online 558 81235368Sgnn ioctl 579 82235368Sgnn 83235368Sgnn 84235368Sgnn### Syscall count by process, 85235368Sgnn 86235368Sgnn# dtrace -n 'syscall:::entry { @num[pid,execname] = count(); }' 87235368Sgnndtrace: description 'syscall:::entry ' matched 228 probes 88235368Sgnn^C 89235368Sgnn 1109 svc.startd 1 90235368Sgnn 4588 svc.startd 2 91235368Sgnn 7 svc.startd 2 92235368Sgnn 3950 svc.startd 2 93235368Sgnn 1626 nscd 2 94235368Sgnn 870 svc.startd 2 95235368Sgnn 82 nscd 6 96235368Sgnn 5011 sendmail 10 97235368Sgnn 6010 poold 74 98235368Sgnn 8707 dtrace 1720 99235368Sgnn 100235368Sgnn 101235368Sgnn### Read bytes by process, 102235368Sgnn 103235368Sgnn# dtrace -n 'sysinfo:::readch { @bytes[execname] = sum(arg0); }' 104235368Sgnndtrace: description 'sysinfo:::readch ' matched 4 probes 105235368Sgnn^C 106235368Sgnn 107235368Sgnn mozilla-bin 16 108235368Sgnn gnome-smproxy 64 109235368Sgnn metacity 64 110235368Sgnn dsdm 64 111235368Sgnn wnck-applet 64 112235368Sgnn xscreensaver 96 113235368Sgnn gnome-terminal 900 114235368Sgnn ttymon 5952 115235368Sgnn Xorg 17544 116235368Sgnn 117235368Sgnn 118235368Sgnn### Write bytes by process, 119235368Sgnn 120235368Sgnn# dtrace -n 'sysinfo:::writech { @bytes[execname] = sum(arg0); }' 121235368Sgnndtrace: description 'sysinfo:::writech ' matched 4 probes 122235368Sgnn^C 123235368Sgnn 124235368Sgnn dtrace 1 125235368Sgnn gnome-settings-d 8 126235368Sgnn xscreensaver 8 127235368Sgnn gnome-panel 8 128235368Sgnn nautilus 8 129235368Sgnn date 29 130235368Sgnn wnck-applet 120 131235368Sgnn bash 210 132235368Sgnn mozilla-bin 1497 133235368Sgnn ls 1947 134235368Sgnn metacity 3172 135235368Sgnn Xorg 7424 136235368Sgnn gnome-terminal 51955 137235368Sgnn 138235368Sgnn 139235368Sgnn### Read size distribution by process, 140235368Sgnn 141235368Sgnn# dtrace -n 'sysinfo:::readch { @dist[execname] = quantize(arg0); }' 142235368Sgnndtrace: description 'sysinfo:::readch ' matched 4 probes 143235368Sgnn^C 144235368Sgnn[...] 145235368Sgnn gnome-terminal 146235368Sgnn value ------------- Distribution ------------- count 147235368Sgnn 16 | 0 148235368Sgnn 32 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 15 149235368Sgnn 64 |@@@ 1 150235368Sgnn 128 | 0 151235368Sgnn 152235368Sgnn Xorg 153235368Sgnn value ------------- Distribution ------------- count 154235368Sgnn -1 | 0 155235368Sgnn 0 |@@@@@@@@@@@@@@@@@@@ 26 156235368Sgnn 1 | 0 157235368Sgnn 2 | 0 158235368Sgnn 4 | 0 159235368Sgnn 8 |@@@@ 6 160235368Sgnn 16 |@ 2 161235368Sgnn 32 |@ 2 162235368Sgnn 64 | 0 163235368Sgnn 128 |@@@@@@@@ 11 164235368Sgnn 256 |@@@ 4 165235368Sgnn 512 | 0 166235368Sgnn 167235368Sgnn 168235368Sgnn### Write size distribution by process, 169235368Sgnn 170235368Sgnn# dtrace -n 'sysinfo:::writech { @dist[execname] = quantize(arg0); }' 171235368Sgnndtrace: description 'sysinfo:::writech ' matched 4 probes 172235368Sgnn^C 173235368Sgnn[...] 174235368Sgnn Xorg 175235368Sgnn value ------------- Distribution ------------- count 176235368Sgnn 16 | 0 177235368Sgnn 32 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 169 178235368Sgnn 64 |@@@ 16 179235368Sgnn 128 |@@ 10 180235368Sgnn 256 | 0 181235368Sgnn 182235368Sgnn gnome-terminal 183235368Sgnn value ------------- Distribution ------------- count 184235368Sgnn 0 | 0 185235368Sgnn 1 |@@ 6 186235368Sgnn 2 | 0 187235368Sgnn 4 | 0 188235368Sgnn 8 | 1 189235368Sgnn 16 |@ 2 190235368Sgnn 32 |@@@ 7 191235368Sgnn 64 | 0 192235368Sgnn 128 |@@@@@@@@@@@@@@@@@@@@@@@ 63 193235368Sgnn 256 |@@@@ 10 194235368Sgnn 512 | 1 195235368Sgnn 1024 |@@@@@ 13 196235368Sgnn 2048 |@ 2 197235368Sgnn 4096 |@@@ 7 198235368Sgnn 199235368Sgnn 200235368Sgnn### Disk size by process, 201235368Sgnn 202235368Sgnn# dtrace -n 'io:::start { printf("%d %s %d",pid,execname,args[0]->b_bcount); }' 203235368Sgnn 0 3271 bdev_strategy:start 16459 tar 1024 204235368Sgnn 0 3271 bdev_strategy:start 16459 tar 1024 205235368Sgnn 0 3271 bdev_strategy:start 16459 tar 2048 206235368Sgnn 0 3271 bdev_strategy:start 16459 tar 1024 207235368Sgnn 0 3271 bdev_strategy:start 16459 tar 1024 208235368Sgnn 0 3271 bdev_strategy:start 16459 tar 1024 209235368Sgnn 0 3271 bdev_strategy:start 16459 tar 8192 210235368Sgnn 0 3271 bdev_strategy:start 16459 tar 8192 211235368Sgnn 0 3271 bdev_strategy:start 16459 tar 16384 212235368Sgnn 0 3271 bdev_strategy:start 16459 tar 2048 213235368Sgnn 0 3271 bdev_strategy:start 16459 tar 1024 214235368Sgnn 0 3271 bdev_strategy:start 16459 tar 1024 215235368Sgnn 216235368Sgnn 217235368Sgnn### Pages paged in by process, 218235368Sgnn 219235368Sgnn# dtrace -n 'vminfo:::pgpgin { @pg[execname] = sum(arg0); }' 220235368Sgnndtrace: description 'vminfo:::pgpgin ' matched 1 probe 221235368Sgnn^C 222235368Sgnn 223235368Sgnn ttymon 1 224235368Sgnn bash 1 225235368Sgnn mozilla-bin 36 226235368Sgnn tar 6661 227235368Sgnn 228235368Sgnn 229235368Sgnn### Minor faults by process, 230235368Sgnn 231235368Sgnn# dtrace -n 'vminfo:::as_fault { @mem[execname] = sum(arg0); }' 232235368Sgnndtrace: description 'vminfo:::as_fault ' matched 1 probe 233235368Sgnn^C 234235368Sgnn 235235368Sgnn mozilla-bin 18 236235368Sgnn dtrace 57 237235368Sgnn find 64 238235368Sgnn bash 150 239235368Sgnn tar 501 240235368Sgnn 241235368Sgnn 242235368Sgnn### Interrupts by CPU, 243235368Sgnn 244235368Sgnn# dtrace -n 'sdt:::interrupt-start { @num[cpu] = count(); }' 245235368Sgnndtrace: description 'sdt:::interrupt-start ' matched 1 probe 246235368Sgnn^C 247235368Sgnn 248235368Sgnn 513 2 249235368Sgnn 515 4 250235368Sgnn 3 39 251235368Sgnn 2 39 252235368Sgnn 253235368Sgnn 254235368Sgnn### New processes with arguments and time, 255235368Sgnn 256235368Sgnn# dtrace -qn 'syscall::exec*:return { printf("%Y %s\n",walltimestamp,curpsinfo->pr_psargs); }' 257235368Sgnn2005 Apr 25 19:15:09 man ls 258235368Sgnn2005 Apr 25 19:15:09 sh -c cd /usr/share/man; tbl /usr/share/man/man1/ls.1 |... 259235368Sgnn2005 Apr 25 19:15:09 neqn /usr/share/lib/pub/eqnchar - 260235368Sgnn2005 Apr 25 19:15:09 tbl /usr/share/man/man1/ls.1 261235368Sgnn2005 Apr 25 19:15:09 nroff -u0 -Tlp -man - 262235368Sgnn2005 Apr 25 19:15:09 col -x 263235368Sgnn2005 Apr 25 19:15:10 sh -c trap '' 1 15; /usr/bin/mv -f /tmp/mpRZaqTF /usr/s... 264235368Sgnn2005 Apr 25 19:15:10 /usr/bin/mv -f /tmp/mpRZaqTF /usr/share/man/cat1/ls.1 265235368Sgnn2005 Apr 25 19:15:10 sh -c more -s /tmp/mpRZaqTF 266235368Sgnn2005 Apr 25 19:15:10 more -s /tmp/mpRZaqTF 267235368Sgnn[...] 268235368Sgnn 269235368Sgnn 270235368Sgnn### Successful signal details, 271235368Sgnn 272235368Sgnn# dtrace -n 'proc:::signal-send /pid/ { printf("%s -%d %d",execname,args[2],args[1]->pr_pid); }' 273235368Sgnndtrace: description 'proc:::signal-send ' matched 1 probe 274235368SgnnCPU ID FUNCTION:NAME 275235368Sgnn 0 3303 sigtoproc:signal-send bash -15 16442 276235368Sgnn 0 3303 sigtoproc:signal-send bash -9 16443 277235368Sgnn^C 278235368Sgnn 279235368Sgnn 280235368Sgnn### Kernel function calls by module, 281235368Sgnn 282235368Sgnn# dtrace -n 'fbt:::entry { @calls[probemod] = count(); }' 283235368Sgnndtrace: description 'fbt:::entry ' matched 18437 probes 284235368Sgnn^C 285235368Sgnn 286235368Sgnn devfs 2 287235368Sgnn ptm 2 288235368Sgnn ipf 5 289235368Sgnn pts 5 290235368Sgnn ttcompat 9 291235368Sgnn ptem 9 292235368Sgnn ldterm 23 293235368Sgnn ipgpc 24 294235368Sgnn ufs 24 295235368Sgnn ata 25 296235368Sgnn sockfs 27 297235368Sgnn gld 32 298235368Sgnn rtls 34 299235368Sgnn flowacct 38 300235368Sgnn specfs 50 301235368Sgnn ip 84 302235368Sgnn TS 92 303235368Sgnn uhci 101 304235368Sgnn uppc 1758 305235368Sgnn unix 6347 306235368Sgnn genunix 10023 307235368Sgnn 308