dtrace sample

#!/usr/sbin/dtrace -s

    

#pragma D option flowindent



/* monitor file open */

syscall::open:entry

{

    printf("%s %s", execname, copyinstr(arg0));

}



/* monitor process fork*/

syscall::fork*:

{

    trace(pid);

}



syscall::exec*:

{

    trace(execname);

}



syscall::posix_spawn*:

{

    trace(execname);

}



/* monitor syscall of process */

syscall:::entry

/execname == "Google Chrome" || execname == "Google Chrome Helper"/

{

    @[probefunc] = count();

}

        

/* show read bytes */

syscall::read:return

{

    @[execname] = quantize(arg0);

}



/* profilling process names*/

profile-997

{

    @[execname] = count();

}

    

tick-1s

{

    printa(@);

    trunc(@);

}



/* timing system call */

syscall::write:entry

{

    self->s = timestamp;

}

syscall::write:return

/self->s/

{

    @["ns"] = quantize(timestamp - self->s);

    self->s = 0;

}