forked from bpftrace/bpftrace
-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathkillsnoop_example.txt
More file actions
22 lines (15 loc) · 846 Bytes
/
killsnoop_example.txt
File metadata and controls
22 lines (15 loc) · 846 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
Demonstrations of killsnoop, the Linux bpftrace/eBPF version.
This traces signals sent via the kill() syscall. For example:
# ./killsnoop.bt
Attaching 3 probes...
Tracing kill() signals... Hit Ctrl-C to end.
TIME PID COMM SIG TPID RESULT
00:09:37.345938 22485 bash 2 23856 0
00:09:40.838452 22485 bash 2 23856 -3
00:09:31.437104 22485 bash 15 23814 -3
The first line showed a SIGINT (2) sent from PID 22485 (a bash shell) to
PID 23856. The result, 0, means success. The next line shows the same signal
sent, which resulted in -3, a failure (likely because the target process
no longer existed).
There is another version of this tool in bcc: https://github.com/iovisor/bcc
The bcc version provides command line options to customize the output.