Provided by: bpftrace_0.9.4-1_amd64 bug

NAME

       killsnoop.bt - Trace signals issued by the kill() syscall. Uses bpftrace/eBPF.

SYNOPSIS

       killsnoop.bt

DESCRIPTION

       killsnoop  traces  the  kill()  syscall, to show signals sent via this method. This may be
       useful to troubleshoot  failing  applications,  where  an  unknown  mechanism  is  sending
       signals.

       This works by tracing the kill() syscall tracepoints.

       Since this uses BPF, only the root user can use this tool.

REQUIREMENTS

       CONFIG_BPF and bpftrace.

EXAMPLES

       Trace all kill() syscalls:
              # killsnoop.bt

FIELDS

       TIME   Time of the kill call.

       PID    Source process ID

       COMM   Source process name

       SIG    Signal number. See signal(7).

       TPID   Target process ID

       RES    Result. 0 == success, a negative value (of the error code) for failure.

OVERHEAD

       This traces the kernel kill function and prints output for each event. As the rate of this
       is generally expected to be low (< 100/s), the overhead is also expected to be negligible.
       If  you  have  an application that is calling a very high rate of kill()s for some reason,
       then test and understand overhead before use.

SOURCE

       This is from bpftrace.

              https://github.com/iovisor/bpftrace

       Also look in the bpftrace distribution  for  a  companion  _examples.txt  file  containing
       example usage, output, and commentary for this tool.

       This is a bpftrace version of the bcc tool of the same name. The bcc tool may provide more
       options and customizations.

              https://github.com/iovisor/bcc

OS

       Linux

STABILITY

       Unstable - in development.

AUTHOR

       Brendan Gregg

SEE ALSO

       opensnoop(8)