man/man8/syscount.8 - platform/external/bcc - Git at Google

 .TH syscount 8  "2017-02-15" "USER COMMANDS"
 .SH NAME
 syscount \- Summarize syscall counts and latencies.
 .SH SYNOPSIS
 .B syscount [-h] [-p PID] [-i INTERVAL] [-d DURATION] [-T TOP] [-x] [-e ERRNO] [-L] [-m] [-P] [-l]
 .SH DESCRIPTION
 This tool traces syscall entry and exit tracepoints and summarizes either the
 number of syscalls of each type, or the number of syscalls per process. It can
 also collect latency (invocation time) for each syscall or each process.

 Since this uses BPF, only the root user can use this tool.
 .SH REQUIREMENTS
 CONFIG_BPF and bcc. Linux 4.7+ is required to attach a BPF program to the
 raw_syscalls:sys_{enter,exit} tracepoints, used by this tool.
 .SH OPTIONS
 .TP
 \-h
 Print usage message.
 .TP
 \-p PID
 Trace only this process.
 .TP
 \-i INTERVAL
 Print the summary at the specified interval (in seconds).
 .TP
 \-d DURATION
 Total duration of trace (in seconds).
 .TP
 \-T TOP
 Print only this many entries. Default: 10.
 .TP
 \-x
 Trace only failed syscalls (i.e., the return value from the syscall was < 0).
 .TP
 \-e ERRNO
 Trace only syscalls that failed with that error (e.g. -e EPERM or -e 1).
 .TP
 \-m
 Display times in milliseconds. Default: microseconds.
 .TP
 \-P
 Summarize by process and not by syscall.
 .TP
 \-l
 List the syscalls recognized by the tool (hard-coded list). Syscalls beyond this
 list will still be displayed, as "[unknown: nnn]" where nnn is the syscall
 number.
 .SH EXAMPLES
 .TP
 Summarize all syscalls by syscall:
 #
 .B syscount
 .TP
 Summarize all syscalls by process:
 #
 .B syscount \-P
 .TP
 Summarize only failed syscalls:
 #
 .B syscount \-x
 .TP
 Summarize only syscalls that failed with EPERM:
 #
 .B syscount \-e EPERM
 .TP
 Trace PID 181 only:
 #
 .B syscount \-p 181
 .TP
 Summarize syscalls counts and latencies:
 #
 .B syscount \-L
 .SH FIELDS
 .TP
 PID
 Process ID
 .TP
 COMM
 Process name
 .TP
 SYSCALL
 Syscall name, or "[unknown: nnn]" for syscalls that aren't recognized
 .TP
 COUNT
 The number of events
 .TP
 TIME
 The total elapsed time (in us or ms)
 .SH OVERHEAD
 For most applications, the overhead should be manageable if they perform 1000's
 or even 10,000's of syscalls per second. For higher rates, the overhead may
 become considerable. For example, tracing a loop of 4 million calls to geteuid(),
 slows it down by 1.85x when tracing only syscall counts, and slows it down by
 more than 5x when tracing syscall counts and latencies. However, this represents
 a rate of >3.5 million syscalls per second, which should not be typical.
 .SH SOURCE
 This is from bcc.
 .IP
 https://github.com/iovisor/bcc
 .PP
 Also look in the bcc distribution for a companion _examples.txt file containing
 example usage, output, and commentary for this tool.
 .SH OS
 Linux
 .SH STABILITY
 Unstable - in development.
 .SH AUTHOR
 Sasha Goldshtein
 .SH SEE ALSO
 funccount(8), ucalls(8), argdist(8), trace(8), funclatency(8)
	.TH syscount 8 "2017-02-15" "USER COMMANDS"
	.SH NAME
	syscount \- Summarize syscall counts and latencies.
	.SH SYNOPSIS
	.B syscount [-h] [-p PID] [-i INTERVAL] [-d DURATION] [-T TOP] [-x] [-e ERRNO] [-L] [-m] [-P] [-l]
	.SH DESCRIPTION
	This tool traces syscall entry and exit tracepoints and summarizes either the
	number of syscalls of each type, or the number of syscalls per process. It can
	also collect latency (invocation time) for each syscall or each process.

	Since this uses BPF, only the root user can use this tool.
	.SH REQUIREMENTS
	CONFIG_BPF and bcc. Linux 4.7+ is required to attach a BPF program to the
	raw_syscalls:sys_{enter,exit} tracepoints, used by this tool.
	.SH OPTIONS
	.TP
	\-h
	Print usage message.
	.TP
	\-p PID
	Trace only this process.
	.TP
	\-i INTERVAL
	Print the summary at the specified interval (in seconds).
	.TP
	\-d DURATION
	Total duration of trace (in seconds).
	.TP
	\-T TOP
	Print only this many entries. Default: 10.
	.TP
	\-x
	Trace only failed syscalls (i.e., the return value from the syscall was < 0).
	.TP
	\-e ERRNO
	Trace only syscalls that failed with that error (e.g. -e EPERM or -e 1).
	.TP
	\-m
	Display times in milliseconds. Default: microseconds.
	.TP
	\-P
	Summarize by process and not by syscall.
	.TP
	\-l
	List the syscalls recognized by the tool (hard-coded list). Syscalls beyond this
	list will still be displayed, as "[unknown: nnn]" where nnn is the syscall
	number.
	.SH EXAMPLES
	.TP
	Summarize all syscalls by syscall:
	#
	.B syscount
	.TP
	Summarize all syscalls by process:
	#
	.B syscount \-P
	.TP
	Summarize only failed syscalls:
	#
	.B syscount \-x
	.TP
	Summarize only syscalls that failed with EPERM:
	#
	.B syscount \-e EPERM
	.TP
	Trace PID 181 only:
	#
	.B syscount \-p 181
	.TP
	Summarize syscalls counts and latencies:
	#
	.B syscount \-L
	.SH FIELDS
	.TP
	PID
	Process ID
	.TP
	COMM
	Process name
	.TP
	SYSCALL
	Syscall name, or "[unknown: nnn]" for syscalls that aren't recognized
	.TP
	COUNT
	The number of events
	.TP
	TIME
	The total elapsed time (in us or ms)
	.SH OVERHEAD
	For most applications, the overhead should be manageable if they perform 1000's
	or even 10,000's of syscalls per second. For higher rates, the overhead may
	become considerable. For example, tracing a loop of 4 million calls to geteuid(),
	slows it down by 1.85x when tracing only syscall counts, and slows it down by
	more than 5x when tracing syscall counts and latencies. However, this represents
	a rate of >3.5 million syscalls per second, which should not be typical.
	.SH SOURCE
	This is from bcc.
	.IP
	https://github.com/iovisor/bcc
	.PP
	Also look in the bcc distribution for a companion _examples.txt file containing
	example usage, output, and commentary for this tool.
	.SH OS
	Linux
	.SH STABILITY
	Unstable - in development.
	.SH AUTHOR
	Sasha Goldshtein
	.SH SEE ALSO
	funccount(8), ucalls(8), argdist(8), trace(8), funclatency(8)