1*387f9dfdSAndroid Build Coastguard WorkerDemonstrations of statsnoop, the Linux eBPF/bcc version. 2*387f9dfdSAndroid Build Coastguard Worker 3*387f9dfdSAndroid Build Coastguard Worker 4*387f9dfdSAndroid Build Coastguard Workerstatsnoop traces the different stat() syscalls system-wide, and prints various 5*387f9dfdSAndroid Build Coastguard Workerdetails. Example output: 6*387f9dfdSAndroid Build Coastguard Worker 7*387f9dfdSAndroid Build Coastguard Worker# ./statsnoop 8*387f9dfdSAndroid Build Coastguard WorkerPID COMM FD ERR PATH 9*387f9dfdSAndroid Build Coastguard Worker31126 bash 0 0 . 10*387f9dfdSAndroid Build Coastguard Worker31126 bash -1 2 /usr/local/sbin/iconfig 11*387f9dfdSAndroid Build Coastguard Worker31126 bash -1 2 /usr/local/bin/iconfig 12*387f9dfdSAndroid Build Coastguard Worker31126 bash -1 2 /usr/sbin/iconfig 13*387f9dfdSAndroid Build Coastguard Worker31126 bash -1 2 /usr/bin/iconfig 14*387f9dfdSAndroid Build Coastguard Worker31126 bash -1 2 /sbin/iconfig 15*387f9dfdSAndroid Build Coastguard Worker31126 bash -1 2 /bin/iconfig 16*387f9dfdSAndroid Build Coastguard Worker31126 bash -1 2 /usr/games/iconfig 17*387f9dfdSAndroid Build Coastguard Worker31126 bash -1 2 /usr/local/games/iconfig 18*387f9dfdSAndroid Build Coastguard Worker31126 bash -1 2 /apps/python/bin/iconfig 19*387f9dfdSAndroid Build Coastguard Worker31126 bash -1 2 /mnt/src/llvm/build/bin/iconfig 20*387f9dfdSAndroid Build Coastguard Worker8902 command-not-fou -1 2 /usr/bin/Modules/Setup 21*387f9dfdSAndroid Build Coastguard Worker8902 command-not-fou -1 2 /usr/bin/lib/python3.4/os.py 22*387f9dfdSAndroid Build Coastguard Worker8902 command-not-fou -1 2 /usr/bin/lib/python3.4/os.pyc 23*387f9dfdSAndroid Build Coastguard Worker8902 command-not-fou 0 0 /usr/lib/python3.4/os.py 24*387f9dfdSAndroid Build Coastguard Worker8902 command-not-fou -1 2 /usr/bin/pybuilddir.txt 25*387f9dfdSAndroid Build Coastguard Worker8902 command-not-fou -1 2 /usr/bin/lib/python3.4/lib-dynload 26*387f9dfdSAndroid Build Coastguard Worker8902 command-not-fou 0 0 /usr/lib/python3.4/lib-dynload 27*387f9dfdSAndroid Build Coastguard Worker8902 command-not-fou 0 0 /apps/python/lib/python2.7/site-packages 28*387f9dfdSAndroid Build Coastguard Worker8902 command-not-fou 0 0 /apps/python/lib/python2.7/site-packages 29*387f9dfdSAndroid Build Coastguard Worker8902 command-not-fou 0 0 /apps/python/lib/python2.7/site-packages 30*387f9dfdSAndroid Build Coastguard Worker8902 command-not-fou 0 0 /usr/lib/python3.4/ 31*387f9dfdSAndroid Build Coastguard Worker8902 command-not-fou 0 0 /usr/lib/python3.4/ 32*387f9dfdSAndroid Build Coastguard Worker[...] 33*387f9dfdSAndroid Build Coastguard Worker 34*387f9dfdSAndroid Build Coastguard WorkerThis output has caught me mistyping a command in another shell, "iconfig" 35*387f9dfdSAndroid Build Coastguard Workerinstead of "ifconfig". The first several lines show the bash shell searching 36*387f9dfdSAndroid Build Coastguard Workerthe $PATH, and failing to find it (ERR == 2 is file not found). Then, a 37*387f9dfdSAndroid Build Coastguard Worker"command-not-found" program executes (the name is truncated to 16 characters 38*387f9dfdSAndroid Build Coastguard Workerin the COMM field), which begins the process of searching for and suggesting 39*387f9dfdSAndroid Build Coastguard Workera package. ie, this: 40*387f9dfdSAndroid Build Coastguard Worker 41*387f9dfdSAndroid Build Coastguard Worker# iconfig 42*387f9dfdSAndroid Build Coastguard WorkerNo command 'iconfig' found, did you mean: 43*387f9dfdSAndroid Build Coastguard Worker Command 'vconfig' from package 'vlan' (main) 44*387f9dfdSAndroid Build Coastguard Worker Command 'fconfig' from package 'redboot-tools' (universe) 45*387f9dfdSAndroid Build Coastguard Worker Command 'mconfig' from package 'mono-devel' (main) 46*387f9dfdSAndroid Build Coastguard Worker Command 'iwconfig' from package 'wireless-tools' (main) 47*387f9dfdSAndroid Build Coastguard Worker Command 'zconfig' from package 'python-zconfig' (universe) 48*387f9dfdSAndroid Build Coastguard Worker Command 'ifconfig' from package 'net-tools' (main) 49*387f9dfdSAndroid Build Coastguard Workericonfig: command not found 50*387f9dfdSAndroid Build Coastguard Worker 51*387f9dfdSAndroid Build Coastguard Workerstatsnoop can be used for general debugging, to see what file information has 52*387f9dfdSAndroid Build Coastguard Workerbeen requested, and whether those files exist. It can be used as a companion 53*387f9dfdSAndroid Build Coastguard Workerto opensnoop, which shows what files were actually opened. 54*387f9dfdSAndroid Build Coastguard Worker 55*387f9dfdSAndroid Build Coastguard Worker 56*387f9dfdSAndroid Build Coastguard WorkerUSAGE message: 57*387f9dfdSAndroid Build Coastguard Worker 58*387f9dfdSAndroid Build Coastguard Worker# ./statsnoop -h 59*387f9dfdSAndroid Build Coastguard Workerusage: statsnoop [-h] [-t] [-x] [-p PID] 60*387f9dfdSAndroid Build Coastguard Worker 61*387f9dfdSAndroid Build Coastguard WorkerTrace stat() syscalls 62*387f9dfdSAndroid Build Coastguard Worker 63*387f9dfdSAndroid Build Coastguard Workeroptional arguments: 64*387f9dfdSAndroid Build Coastguard Worker -h, --help show this help message and exit 65*387f9dfdSAndroid Build Coastguard Worker -t, --timestamp include timestamp on output 66*387f9dfdSAndroid Build Coastguard Worker -x, --failed only show failed stats 67*387f9dfdSAndroid Build Coastguard Worker -p PID, --pid PID trace this PID only 68*387f9dfdSAndroid Build Coastguard Worker 69*387f9dfdSAndroid Build Coastguard Workerexamples: 70*387f9dfdSAndroid Build Coastguard Worker ./statsnoop # trace all stat() syscalls 71*387f9dfdSAndroid Build Coastguard Worker ./statsnoop -t # include timestamps 72*387f9dfdSAndroid Build Coastguard Worker ./statsnoop -x # only show failed stats 73*387f9dfdSAndroid Build Coastguard Worker ./statsnoop -p 181 # only trace PID 181 74