oracular (8) syscount-perf.8.gz
NAME
syscount - count system calls. Uses Linux perf_events.
SYNOPSIS
syscount [-chv] [-t top] {-p PID|-d seconds|command}
DESCRIPTION
This is a proof-of-concept using perf_events capabilities for older kernel versions, that lack custom in-kernel aggregations. Once they exist, this script can be substantially rewritten and improved (lower overhead).
REQUIREMENTS
Linux perf_events: add linux-tools-common, run "perf", then add any additional packages it requests. Also needs awk.
OPTIONS
-c Show counts by syscall name. This mode (without -v) uses in-kernel counts, which have lower overhead than the default mode. -h Usage message. -v Verbose: include PID. -p PID Trace this process ID only. -d seconds Duration of trace in seconds. command Run and trace this command.
EXAMPLES
Trace and summarize syscalls by process name: # syscount Trace and summarize syscalls by syscall name (lower overhead): # syscount -c Trace for 5 seconds, showing by process name: # syscount -d 5 Trace PID 932 only, and show by syscall name (lower overhead): # syscount -cp 923 Execute the """ls""" command, and show by syscall name: # syscount -c ls
FIELDS
PID Process ID. COMM Process command name. SYSCALL Syscall name. COUNT Number of syscalls during tracing.
OVERHEAD
Modes that report syscall names only (-c, -cp PID, -cd secs) have lower overhead, since they use in-kernel counts. Other modes which report process IDs (-cv) or process names (default) create a perf.data file for post processing, and you will see messages about it doing this. Beware of the file size (test for short durations, or use -c to see counts based on in-kernel counters), and gauge overheads based on the perf.data size. Note that this script delibrately does not pipe perf record into perf script, which would avoid perf.data, because it can create a feedback loop where the perf script syscalls are recorded. Hopefully there will be a fix for this in a later perf version, so perf.data can be skipped, or other kernel features to aggregate by process name in-kernel directly (eg, via eBPF, ktap, or SystemTap).
SOURCE
This is from the perf-tools collection. https://github.com/brendangregg/perf-tools Also look under the examples directory for a text file containing example usage, output, and commentary for this tool.
OS
Linux
STABILITY
Unstable - in development.
AUTHOR
Brendan Gregg
SEE ALSO
iosnoop(8), iolatency(8), iostat(1)