These tools are a small collection curated by the bpftrace maintainers that have been battle-tested and are packaged with bpftrace. We're currently building a set of community tools, which is now accepting contributions.
Read more about how tools get added to this repository.
- tools/bashreadline.bt - Print entered bash commands system wide. Examples.
- tools/biolatency.bt - Block I/O latency as a histogram. Examples.
- tools/biosnoop.bt - Block I/O tracing tool, showing per I/O latency. Examples.
- tools/biostacks.bt - Show disk I/O latency with initialization stacks. Examples.
- tools/bitesize.bt - Show disk I/O size as a histogram. Examples.
- tools/capable.bt - Trace security capability checks. Examples.
- tools/cpuwalk.bt - Sample which CPUs are executing processes. Examples.
- tools/dcsnoop.bt - Trace directory entry cache (dcache) lookups. Examples.
- tools/execsnoop.bt - Trace new processes via exec() syscalls. Examples.
- tools/gethostlatency.bt - Show latency for getaddrinfo/gethostbyname[2] calls. Examples.
- tools/killsnoop.bt - Trace signals issued by the kill() syscall. Examples.
- tools/loads.bt - Print load averages. Examples.
- tools/mdflush.bt - Trace md flush events. Examples.
- tools/naptime.bt - Show voluntary sleep calls. Examples.
- tools/opensnoop.bt - Trace open() syscalls showing filenames. Examples.
- tools/oomkill.bt - Trace OOM killer. Examples.
- tools/pidpersec.bt - Count new processes (via fork). Examples.
- tools/runqlat.bt - CPU scheduler run queue latency as a histogram. Examples.
- tools/runqlen.bt - CPU scheduler run queue length as a histogram. Examples.
- tools/setuids.bt - Trace the setuid syscalls: privilege escalation. Examples.
- tools/ssllatency.bt - Summarize SSL/TLS handshake latency as a histogram. Examples
- tools/sslsnoop.bt - Trace SSL/TLS handshake, showing latency and return value. Examples
- tools/statsnoop.bt - Trace stat() syscalls for general debugging. Examples.
- tools/swapin.bt - Show swapins by process. Examples.
- tools/syncsnoop.bt - Trace sync() variety of syscalls. Examples.
- tools/syscount.bt - Count system calls. Examples.
- tools/tcpaccept.bt - Trace TCP passive connections (accept()). Examples.
- tools/tcpconnect.bt - Trace TCP active connections (connect()). Examples.
- tools/tcpdrop.bt - Trace kernel-based TCP packet drops with details. Examples.
- tools/tcplife.bt - Trace TCP session lifespans with connection details. Examples.
- tools/tcpretrans.bt - Trace TCP retransmits. Examples.
- tools/tcpsynbl.bt - Show TCP SYN backlog as a histogram. Examples.
- tools/threadsnoop.bt - List new thread creation. Examples.
- tools/undump.bt - Capture UNIX domain socket packages. Examples.
- tools/vfscount.bt - Count VFS calls. Examples.
- tools/vfsstat.bt - Count some VFS calls, with per-second summaries. Examples.
- tools/writeback.bt - Trace file system writeback events with details. Examples.
- tools/xfsdist.bt - Summarize XFS operation latency distribution as a histogram. Examples.
For more eBPF observability tools, see bcc tools.