These tools are a small collection curated by the bpftrace maintainers that have been battle-tested and are packaged with bpftrace. We're currently building a set of community tools, which is now accepting contributions.
Read more about how tools get added to this repository.
- tools/bashreadline.bt: Print entered bash commands system wide. Examples.
- tools/biolatency.bt: Block I/O latency as a histogram. Examples.
- tools/biosnoop.bt: Block I/O tracing tool, showing per I/O latency. Examples.
- tools/biostacks.bt: Show disk I/O latency with initialization stacks. Examples.
- tools/bitesize.bt: Show disk I/O size as a histogram. Examples.
- tools/capable.bt: Trace security capability checks. Examples.
- tools/cpuwalk.bt: Sample which CPUs are executing processes. Examples.
- tools/dcsnoop.bt: Trace directory entry cache (dcache) lookups. Examples.
- tools/execsnoop.bt: Trace new processes via exec() syscalls. Examples.
- tools/gethostlatency.bt: Show latency for getaddrinfo/gethostbyname[2] calls. Examples.
- tools/killsnoop.bt: Trace signals issued by the kill() syscall. Examples.
- tools/loads.bt: Print load averages. Examples.
- tools/mdflush.bt: Trace md flush events. Examples.
- tools/naptime.bt: Show voluntary sleep calls. Examples.
- tools/opensnoop.bt: Trace open() syscalls showing filenames. Examples.
- tools/oomkill.bt: Trace OOM killer. Examples.
- tools/pidpersec.bt: Count new processes (via fork). Examples.
- tools/runqlat.bt: CPU scheduler run queue latency as a histogram. Examples.
- tools/runqlen.bt: CPU scheduler run queue length as a histogram. Examples.
- tools/setuids.bt: Trace the setuid syscalls: privilege escalation. Examples.
- tools/ssllatency.bt: Summarize SSL/TLS handshake latency as a histogram. Examples
- tools/sslsnoop.bt: Trace SSL/TLS handshake, showing latency and return value. Examples
- tools/statsnoop.bt: Trace stat() syscalls for general debugging. Examples.
- tools/swapin.bt: Show swapins by process. Examples.
- tools/syncsnoop.bt: Trace sync() variety of syscalls. Examples.
- tools/syscount.bt: Count system calls. Examples.
- tools/tcpaccept.bt: Trace TCP passive connections (accept()). Examples.
- tools/tcpconnect.bt: Trace TCP active connections (connect()). Examples.
- tools/tcpdrop.bt: Trace kernel-based TCP packet drops with details. Examples.
- tools/tcplife.bt: Trace TCP session lifespans with connection details. Examples.
- tools/tcpretrans.bt: Trace TCP retransmits. Examples.
- tools/tcpsynbl.bt: Show TCP SYN backlog as a histogram. Examples.
- tools/threadsnoop.bt: List new thread creation. Examples.
- tools/undump.bt: Capture UNIX domain socket packages. Examples.
- tools/vfscount.bt: Count VFS calls. Examples.
- tools/vfsstat.bt: Count some VFS calls, with per-second summaries. Examples.
- tools/writeback.bt: Trace file system writeback events with details. Examples.
- tools/xfsdist.bt: Summarize XFS operation latency distribution as a histogram. Examples.
For more eBPF observability tools, see bcc tools.