master

分支 (38)

标签 (41)

管理

管理

master

dev_oe22.03sp3

yhs_dev

fix-slab

yhs-dev

yhs_dev2

davemarchevsky-patch-5

revert-4264-symtable-preload

davemarchevsky-test-fixes

davemarchevsky-patch-4

davemarchevsky-patch-3

davemarchevsky-patch-2

davemarchevsky-patch-1

gh-pages

tag_v0.10.0

tag_v0.9.0

tag_v0.8.0

tag_v0.7.0

python3-testing

tag_v0.6.1

v0.30.0

v0.29.1

v0.29.0

0.29.0

v0.28.0

v0.27.0

v0.26.0

v0.25.0

v0.24.0

v0.23.0

v0.22.0

v0.21.0

v0.20.0

v0.19.0

v0.18.0

v0.17.0

v0.16.0

v0.15.0

v0.14.0

v0.13.0

bcc
/
tools
/
killsnoop_example.txt

Demonstrations of killsnoop, the Linux eBPF/bcc version.


This traces signals sent via the kill() syscall. For example:

# ./killsnoop
TIME      PID    COMM             SIG  TPID   RESULT
12:10:51  13967  bash             9    13885  0
12:11:34  13967  bash             9    1024   -3
12:11:41  815    systemd-udevd    15   14076  0

The first line showed a SIGKILL (9) sent from PID 13967 (a bash shell) to
PID 13885. The result, 0, means success.

The second line showed the same signal sent, this time resulting in a -3
(ESRCH: no such process).


USAGE message:

# ./killsnoop -h
usage: killsnoop [-h] [-x] [-p PID] [-T PID] [-s SIGNAL]

Trace signals issued by the kill() syscall

optional arguments:
  -h, --help            show this help message and exit
  -x, --failed          only show failed kill syscalls
  -p PID, --pid PID     trace this PID only which is the sender of signal
  -T TPID, --tpid TPID  trace this target PID only which is the receiver of
                        signal
  -s SIGNAL, --signal SIGNAL
                        trace this signal only

examples:
    ./killsnoop           # trace all kill() signals
    ./killsnoop -x        # only show failed kills
    ./killsnoop -p 181    # only trace PID 181
    ./killsnoop -T 189    # only trace target PID 189
    ./killsnoop -s 9      # only trace signal 9