a couple simple scripts
- From: Martin Hunt <hunt at redhat dot com>
- To: systemtap at sources dot redhat dot com
- Date: Thu, 01 Sep 2005 11:25:13 -0700
- Subject: a couple simple scripts
- Organization: Red Hat Inc.
Would it be helpful to post some sample scripts that do useful work?
Here's a one-liner:
# One-off probe: on every entry to sys_open, from any process, print
# "<execname>[<pid>] opened <filename>". There is no PID or name filter.
>stap -e 'probe kernel.function("sys_open") {print(execname()."[".string(pid())."]"." opened ".$filename)}'
And here's a version of shellsnoop:
-------------------------------------
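# Set of PIDs being followed: pids[p] is set to 1 once process p has been
# seen entering do_execve while its executable name was one of the shells below.
# NOTE(review): entries are never deleted, so the array only grows and a
# recycled PID keeps being reported; clearing the entry when the process
# exits would bound both.
global pids

# Log every exec issued from a shell process and mark that PID so the
# sys_open / sys_read / sys_write probes report its later activity.
probe kernel.function("do_execve") {
    # All three comparisons must call execname(); a bare `execname` is an
    # identifier, not a call, so it never holds the current process name.
    # NOTE(review): the match is on the process name only, so a shell that is
    # renamed or not in this list (zsh, ksh, dash, ...) is not followed.
    if (execname() == "bash" || execname() == "sh" || execname() == "tcsh") {
        print("user= ".string(uid())."\tpid= ".string(pid())."\tppid= ".string(ppid())."\texec ".$filename)
        pids[pid()] = 1
    }
}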
# Report file opens, but only for PIDs already recorded in the pids array.
probe kernel.function("sys_open") {
    if (pids[pid()]) {
        # Prefix identifying the caller: "<execname>[<pid>]"
        caller = execname()."[".string(pid())."]"
        # NOTE(review): $filename is the user-supplied path argument; later
        # SystemTap releases read it with user_string($filename) - confirm
        # what the installed version expects.
        print(caller." opened ".$filename)
    }
}
# Report read() calls, but only for PIDs already recorded in the pids array.
probe kernel.function("sys_read") {
    if (pids[pid()]) {
        # Prefix identifying the caller: "<execname>[<pid>]"
        caller = execname()."[".string(pid())."]"
        # Only the descriptor number is logged; the data read is not captured.
        print(caller." read fd ".string($fd))
    }
}
# Report write() calls, but only for PIDs already recorded in the pids array.
probe kernel.function("sys_write") {
    if (pids[pid()]) {
        # Prefix identifying the caller: "<execname>[<pid>]"
        caller = execname()."[".string(pid())."]"
        # $count is the size argument passed to the call, i.e. the requested
        # length; the number of bytes actually written is not shown here.
        print(caller." write fd ".string($fd)." ".string($count)." bytes")
    }
}
---------------------------------------