This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



Re: a couple simple scripts


Martin Hunt wrote:

Would it be helpful to post some sample scripts that do useful work?

Here's a one-liner:


stap -e 'probe kernel.function("sys_open") {print(execname()."[".string(pid())."]"." opened ".$filename)}'



And here's a version of shellsnoop:


-------------------------------------
global pids

probe kernel.function("do_execve") {
       if (execname() == "bash" || execname() == "sh" || execname() == "tcsh") {
               print("user= ".string(uid())."\tpid= ".string(pid())."\tppid= ".string(ppid())."\texec ".$filename)
               pids[pid()] = 1
       }
}



This one breaks on my system.

user= 501 pid= 11925 ppid= 8176 exec /bin/ls
ERROR: pointer dereference fault near identifier '$filename' at /home/krstaffo/mytests/shell_snoop.stp:13:67


I thought this was because of $filename looking into userspace. (see BZ#1243). Does this script work on your machine?

---------------------------------------






--
Kevin Stafford
DES 2 | MS 2M3
Beaverton - OR
Linux Technology Center
IBM Systems & Technology
Phone: 1-503-578-3039
Email: kevinrs@us.ibm.com



