This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



Re: Missing appname in lket output


Li Guanglei wrote:

After LKET starts, process_snapshot() will be called, but addevent.process.fork and addevent.process.execve won't be turned on by default. So if you have any new process to be forked/execved after LKET starts up, you will lose the appname info. This is why you see the appname listed as NULL.

<slaps forehead> I did wonder about that but I figured 'no, it couldn't be that simple'. But surely we need this documented, otherwise anyone using LKET will have the same question? I'd be happy to update the man page if that'd help.

I once thought of turning on fork/execve events by default, but finally I left it to the users to decide whether they want to capture such events. Do you think we should turn on fork/execve capture by default since they have a negligible overhead?

Well I did assume that those probes were added by default, since I could see that they were required by b2a. I would say yes, with perhaps a flag to disable them for situations where enabling them would not be appropriate.

I don't remember that LKET ever wrote event names into lket.out. Only group id and hook id are written. Can you paste here a snippet of the output?

Sure, I'm reading the man page here: http://sourceware.org/systemtap/man5/lket-b2a.1.html (cvs has the same version). I see output like this:

10.24319 APPNAME: sshd PID:7203 CPU:3 HOOKGRP:2 HOOKID:2 syscall:write,


that appears to show the event name: "syscall:write". But when I run b2a I get output like this:

73.232758 APPNAME: mime.browse PID:19697 CPU:0 HOOKGRP:9 HOOKID:7 fd:9,buff_addr:-1208643584,count:3773,


After a few hours working with these files I do know that 9,7 is 'write' but wouldn't it be handy to emit the event name in the file? (actually there's not much need IMHO for the group and hook ids because they're not human-readable anyway).


Couple of reasons for postprocessing in MySQL:

Yeah I don't disagree, I'm just reporting my user experience. Actually I'm supposedly a database expert, but I mainly work with their internal implementation rather than actually _using_ them ;)

This example will generate top 10 most frequently syscalls

Examples would be good. I can probably generate some.
The first thing I need to do is make a script that invokes
mysql in an automated fashion, avoiding all that show databases; use xxxxx; stuff.
It should just pick the most recent one.
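
An added example, not part of the original message or of LKET: a small parser for the lket-b2a text lines quoted above that ranks events by frequency and lists PIDs whose appname is missing. The `EVENT_NAMES` table and the function names are hypothetical; only the 9,7 = write mapping comes from the message, and it is assumed that a missing appname is printed as the literal string NULL.

```python
import re
from collections import Counter

# Constructed sample: the two lines quoted in the message, plus one made-up
# line for a process that started after LKET (appname shown as NULL).
SAMPLE = """\
10.24319 APPNAME: sshd PID:7203 CPU:3 HOOKGRP:2 HOOKID:2 syscall:write,
73.232758 APPNAME: mime.browse PID:19697 CPU:0 HOOKGRP:9 HOOKID:7 fd:9,buff_addr:-1208643584,count:3773,
73.232901 APPNAME: NULL PID:19702 CPU:1 HOOKGRP:9 HOOKID:7 fd:4,buff_addr:-1208643584,count:12,
"""

LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) APPNAME: (?P<app>\S+) PID:(?P<pid>\d+) CPU:(?P<cpu>\d+) "
    r"HOOKGRP:(?P<grp>\d+) HOOKID:(?P<hook>\d+) ?(?P<rest>.*)$")

# Hypothetical lookup table; 9,7 = write is the only pair named in the message.
EVENT_NAMES = {(9, 7): "write"}


def parse_line(line):
    """Parse one b2a text line into a dict, or return None if it does not match."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    # The tail is a comma-separated list of key:value pairs with a trailing comma.
    fields = dict(kv.split(":", 1) for kv in m["rest"].split(",") if ":" in kv)
    app = None if m["app"] == "NULL" else m["app"]
    return {"ts": float(m["ts"]), "app": app, "pid": int(m["pid"]),
            "cpu": int(m["cpu"]), "event": (int(m["grp"]), int(m["hook"])),
            "fields": fields}


def summarize(text, top=10):
    """Return (top events with counts, sorted PIDs that have no appname)."""
    events, unnamed_pids = Counter(), set()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that are not event records
        events[rec["event"]] += 1
        if rec["app"] is None:
            unnamed_pids.add(rec["pid"])
    ranked = [(EVENT_NAMES.get(ev, "grp %d hook %d" % ev), n)
              for ev, n in events.most_common(top)]
    return ranked, sorted(unnamed_pids)


if __name__ == "__main__":
    print(summarize(SAMPLE))
```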


