#!/usr/bin/ksh # Each Dtrace one-liner is presented as a function that echoes the # one-liner and then executes it. # # `typeset -f` in the select statement then creates an index of the # available functions to choose from. # # The trap technique below allows the user to interrupt the Dtrace # command without exiting the select loop. # ## Functions Listing # New processes with arguments function new_processes_with_arguments { echo "New processes with arguments" echo "dtrace -n 'proc:::exec-success { trace(curpsinfo->pr_psargs) ; }'" dtrace -n 'proc:::exec-success { trace(curpsinfo->pr_psargs) ; }' } # Files opened by process function files_opened_by_process { echo "Files opened by process" echo "dtrace -n 'syscall::open*:entry { printf("%s %s",execname,copyinstr(arg0)); }'" dtrace -n 'syscall::open*:entry { printf("%s %s",execname,copyinstr(arg0)); }' } # Syscall count by program function syscall_count_by_program { echo "Syscall count by program" echo "dtrace -n 'syscall:::entry { @num[execname] = count(); }'" dtrace -n 'syscall:::entry { @num[execname] = count(); }' } # Syscall count by syscall function syscall_count_by_syscall { echo "Syscall count by syscall" echo "dtrace -n 'syscall:::entry { @num[probefunc] = count(); }'" dtrace -n 'syscall:::entry { @num[probefunc] = count(); }' } # Syscall count by process function syscall_count_by_process { echo "Syscall count by process" echo "dtrace -n 'syscall:::entry { @num[pid,execname] = count(); }'" dtrace -n 'syscall:::entry { @num[pid,execname] = count(); }' } # Read bytes by process function read_bytes_by_process { echo "Read bytes by process" echo "dtrace -n 'sysinfo:::readch { @bytes[execname] = sum(arg0); }'" dtrace -n 'sysinfo:::readch { @bytes[execname] = sum(arg0); }' } # Write bytes by process, function write_bytes_by_process { echo "Written bytes by process" echo "dtrace -n 'sysinfo:::writech { @bytes[execname] = sum(arg0); }'" dtrace -n 'sysinfo:::writech { @bytes[execname] = sum(arg0); }' } # Read size distribution by process function read_size_distribution_by_process { echo "Read size distribution by process" echo "dtrace -n 'sysinfo:::readch { @dist[execname] = quantize(arg0); }'" dtrace -n 'sysinfo:::readch { @dist[execname] = quantize(arg0); }' } # Write size distribution by process function write_size_distribution_by_process { echo "Write size distribution by process" dtrace -n 'sysinfo:::writech { @dist[execname] = quantize(arg0); }' echo "dtrace -n 'sysinfo:::writech { @dist[execname] = quantize(arg0); }'" } # Disk size by process function disk_size_by_process { echo "Disk size by process" echo "dtrace -n 'io:::start { printf("%d %s %d",pid,execname,args[0]->b_bcount); }'" dtrace -n 'io:::start { printf("%d %s %d",pid,execname,args[0]->b_bcount); }' } # Pages paged in by process function pages_paged_in_by_process { echo "Pages paged in by process" echo "dtrace -n 'vminfo:::pgpgin { @pg[execname] = sum(arg0); }'" dtrace -n 'vminfo:::pgpgin { @pg[execname] = sum(arg0); }' } # Minor faults by process function minor_faults_by_process { echo "Minor faults by process" echo "dtrace -n 'vminfo:::as_fault { @mem[execname] = sum(arg0); }'" dtrace -n 'vminfo:::as_fault { @mem[execname] = sum(arg0); }' } # Interrupts by CPU function interrupts_by_CPU { echo "Interrupts by CPU" echo "dtrace -n 'sdt:::interrupt-start { @num[cpu] = count(); }'" dtrace -n 'sdt:::interrupt-start { @num[cpu] = count(); }' } # New processes with arguments and time function new_processes_with_arguments_and_time { echo "New processes with arguments and time" echo "dtrace -qn 'syscall::exec*:return { printf("%Y %s\n",walltimestamp,curpsinfo->pr_psargs); }'" dtrace -qn 'syscall::exec*:return { printf("%Y %s\n",walltimestamp,curpsinfo->pr_psargs); }' } # Successful signal details function successful_signal_details { echo "Successful signal details" echo "dtrace -n 'proc:::signal-send /pid/ { printf("%s -%d %d",execname,args[2],args[1]->pr_pid); }'" dtrace -n 'proc:::signal-send /pid/ { printf("%s -%d %d",execname,args[2],args[1]->pr_pid); }' } # Exit the select loop function Quit { echo "Thanks for trying out the one-liners!" exit } ## Main execution PS3="Select a one-liner (RETURN refreshes list): " select one_liner in `typeset +f` do echo trap "trap '' 2" 2 echo '***********************' ${one_liner} trap "" 2 echo '***********************' done