From 83df2f61253a831bb7b973137431d8a06653e7d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Almeida?= Date: Sat, 17 Oct 2020 16:47:18 -0300 Subject: [PATCH] bpftrace: add page (#4702) --- pages/linux/bpftrace.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 pages/linux/bpftrace.md diff --git a/pages/linux/bpftrace.md b/pages/linux/bpftrace.md new file mode 100644 index 000000000..02e3d2673 --- /dev/null +++ b/pages/linux/bpftrace.md @@ -0,0 +1,28 @@ +# bpftrace + +> High-level tracing language for Linux eBPF. +> More information: . + +- Display bpftrace version: + +`bpftrace -V` + +- List all available probes: + +`sudo bpftrace -l` + +- Run a one-liner program (e.g syscall count by program): + +`sudo bpftrace -e '{{tracepoint:raw_syscalls:sys_enter { @[comm] = count(); }}}'` + +- Run a program from a file: + +`sudo bpftrace {{path/to/file}}` + +- Trace a program by PID: + +`sudo bpftrace -e '{{tracepoint:raw_syscalls:sys_enter /pid == 123/ { @[comm] = count(); }}}'` + +- Do a dry run and display the output in eBPF format: + +`sudo bpftrace -d -e '{{one_line_program}}'`
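Review bot: In the "Trace a program by PID" example the PID is hardcoded as `123` inside a placeholder that wraps the entire program, so the one value a reader has to change is not marked. Consider narrowing the placeholder to the PID alone, for example `/pid == {{pid}}/`, and leaving the fixed program text outside the braces. The same applies to the syscall-count one-liner, where the whole program is wrapped and the closing `}}}` runs the program's own `}` into the placeholder delimiter. Two smaller points: "e.g" in the one-liner description is missing its trailing period, and the "More information" line as shown here ends without a URL.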