bpftrace: add page (#4702)

2020-10-17 16:47:18 -03:00
parent 10a79e10fe
commit 83df2f6125
1 changed files with 28 additions and 0 deletions
--- a/pages/linux/bpftrace.md
+++ b/pages/linux/bpftrace.md
@@ -0,0 +1,28 @@
+# bpftrace
+
+> High-level tracing language for Linux eBPF.
+> More information: <https://github.com/iovisor/bpftrace>.
+
+- Display bpftrace version:
+
+`bpftrace -V`
+
+- List all available probes:
+
+`sudo bpftrace -l`
+
+- Run a one-liner program (e.g syscall count by program):
+
+`sudo bpftrace -e '{{tracepoint:raw_syscalls:sys_enter { @[comm] = count(); }}}'`
+
+- Run a program from a file:
+
+`sudo bpftrace {{path/to/file}}`
+
+- Trace a program by PID:
+
+`sudo bpftrace -e '{{tracepoint:raw_syscalls:sys_enter /pid == 123/ { @[comm] = count(); }}}'`
+
+- Do a dry run and display the output in eBPF format:
+
+`sudo bpftrace -d -e '{{one_line_program}}'`