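#
# DTrace OneLiners
#
# Each entry is a standalone dtrace(1M) invocation; run one at a time and
# stop it with Ctrl-C, at which point aggregations (@name) are printed.
# All of them need DTrace privileges (typically root).
#
# When using these for security monitoring, note that DTrace may drop
# records under load, so the output is an observation aid rather than a
# complete audit trail. execname is only the name of the running
# executable, so it identifies a process by convention, not by identity.

# --- DTrace One Liners ---

# New processes with arguments.
# pr_psargs is a fixed-size field, so long command lines appear truncated.
dtrace -n 'proc:::exec-success { trace(curpsinfo->pr_psargs); }'

# Files opened by process name.
# NOTE(review): open* also matches openat*() on releases that have it; there
# arg0 is a directory descriptor and the path is arg1, so copyinstr(arg0)
# will report an error for those probes. Confirm against the target OS.
dtrace -n 'syscall::open*:entry { printf("%s %s",execname,copyinstr(arg0)); }'

# Files created using creat() by process name.
dtrace -n 'syscall::creat*:entry { printf("%s %s",execname,copyinstr(arg0)); }'

# Syscall count by process name.
dtrace -n 'syscall:::entry { @num[execname] = count(); }'

# Syscall count by syscall.
dtrace -n 'syscall:::entry { @num[probefunc] = count(); }'

# Syscall count by process ID (keyed on pid and process name).
dtrace -n 'syscall:::entry { @num[pid,execname] = count(); }'

# Read bytes by process name.
dtrace -n 'sysinfo:::readch { @bytes[execname] = sum(arg0); }'

# Write bytes by process name.
dtrace -n 'sysinfo:::writech { @bytes[execname] = sum(arg0); }'

# Read size distribution by process name.
dtrace -n 'sysinfo:::readch { @dist[execname] = quantize(arg0); }'

# Write size distribution by process name.
dtrace -n 'sysinfo:::writech { @dist[execname] = quantize(arg0); }'

# Disk size by process ID.
# NOTE(review): io:::start can fire in a context other than the process that
# requested the I/O (e.g. asynchronous writes), so pid/execname may not be
# the originator. Treat the attribution as a hint.
dtrace -n 'io:::start { printf("%d %s %d",pid,execname,args[0]->b_bcount); }'

# Disk size aggregation (distribution of I/O sizes by process name).
dtrace -n 'io:::start { @size[execname] = quantize(args[0]->b_bcount); }'

# Pages paged in by process name.
dtrace -n 'vminfo:::pgpgin { @pg[execname] = sum(arg0); }'

# Minor faults by process name.
dtrace -n 'vminfo:::as_fault { @mem[execname] = sum(arg0); }'

# Interrupts by CPU.
dtrace -n 'sdt:::interrupt-start { @num[cpu] = count(); }'

# CPU cross calls by process name.
dtrace -n 'sysinfo:::xcalls { @num[execname] = count(); }'

# Lock time by process name.
dtrace -n 'lockstat:::adaptive-block { @time[execname] = sum(arg1); }'

# Lock distribution by process name.
dtrace -n 'lockstat:::adaptive-block { @time[execname] = quantize(arg1); }'

# Kernel function calls by module.
# Enables every fbt entry probe, which adds noticeable overhead while running.
dtrace -n 'fbt:::entry { @calls[probemod] = count(); }'

# Stack size for processes (maximum p_stksize seen per process name).
dtrace -n 'sched:::on-cpu { @[execname] = max(curthread->t_procp->p_stksize);}'

# Kill all top processes when they are invoked.
# -w enables destructive actions; raise(9) sends SIGKILL to the process that
# fired the probe. The predicate matches on execname only, so any executable
# named "top" is killed and a renamed copy is not: this is a demonstration of
# destructive actions, not an access control.
dtrace -wn 'syscall::exece:return /execname == "top"/ { raise(9); }'


# --- DTrace Longer One Liners ---

# New processes with arguments and time.
# -q suppresses the default probe output so only the printf line is shown.
# NOTE(review): exec*:return also fires when exec fails, in which case the
# arguments printed are presumably those of the calling process; use
# proc:::exec-success if only successful execs are wanted.
dtrace -qn 'syscall::exec*:return { printf("%Y %s\n",walltimestamp,curpsinfo->pr_psargs); }'

# Successful signal details: sender name, signal number, target PID.
# The /pid/ predicate skips signals sent from PID 0.
dtrace -n 'proc:::signal-send /pid/ { printf("%s -%d %d",execname,args[2],args[1]->pr_pid); }'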