This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



a couple simple scripts


Would it be helpful to post some sample scripts that do useful work?

Here's a one-liner:
>stap -e 'probe kernel.function("sys_open") {print(execname()."[".string(pid())."]"." opened ".$filename)}'

And here's a version of shellsnoop:

-------------------------------------
# pids whose activity should be traced
global pids

# At do_execve entry execname() is still the caller's name, so this
# matches a shell (or its forked child) about to exec $filename.
probe kernel.function("do_execve") {
        if (execname() == "bash" || execname() == "sh" || execname() == "tcsh") {
                print("user= ".string(uid())."\tpid= ".string(pid())."\tppid= ".string(ppid())."\texec ".$filename)
                pids[pid()] = 1
        }
}

# Report opens, reads and writes only for the pids recorded above.
probe kernel.function("sys_open") {
        if (pids[pid()])
                print(execname()."[".string(pid())."]"." opened ".$filename)
}

probe kernel.function("sys_read") {
        if (pids[pid()])
                print(execname()."[".string(pid())."]"." read fd ".string($fd))
}

probe kernel.function("sys_write") {
        if (pids[pid()])
                print(execname()."[".string(pid())."]"." write fd ".string($fd)." ".string($count)." bytes")
}
---------------------------------------

