archive mirror
 help / color / mirror / Atom feed
From: Steven Rostedt <>
To: Lin Wang <>
Subject: Re: how to continuously capture events
Date: Wed, 5 May 2021 09:18:29 -0400	[thread overview]
Message-ID: <20210505091829.3eb87117@gandalf.local.home> (raw)
In-Reply-To: <>

On Wed, 5 May 2021 08:21:35 -0400
Lin Wang <> wrote:

> Hi all,
> I'm new to ftrace and linux programming in general. Forgive me for

Hi Lin,


> asking dumb questions.

When first learning something, there are no dumb questions :-)

> I'm trying to continuously capture certain kernel events, convert them
> to a different format and then write them to a file.
> I understand that trace_pipe should be used for streaming. But I'm not
> sure how to read the content of trace_pipe at event boundary (I
> currently just read it to a temp buffer which would sometimes cut the
> last event in half). I discovered libtraceevent and libtracefs that I
> think are meant to help with this kind of tasks, so I'm reading the
> source code of trace-cmd to find examples. But so far the progress has
> been slow.

Yes, libtracefs is what you want.

The man pages are here (I'm still working on a tutorial):

Although that may be a little out of date. I need to automate that to be
updated whenever I make a new release.

> Could anyone point me to the right direction, or advise me with a
> general outline of what I should do to achieve my task?

I think you may be on the right track.

trace-cmd is hard to read, but we are working on sample code that will make
using libtracefs much easier. For example, I wrote this simple code to read
all files that are opened.

  # ./show-open-files cat /etc/passwd
42727-<...>: file=/etc/ flags=88000 mode=0
42727-<...>: :   addr=0x7f8900123868
42727-<...>: :   addr=0x7f89001100f7
42727-<...>: file=/lib64/ flags=88000 mode=0
42727-<...>: :   addr=0x7f8900123868
42727-<...>: :   addr=0x7f8900110139
42727-<...>: file=/usr/lib/locale/locale-archive flags=88000 mode=0
42727-<...>: :   addr=0x7f890000886c
42727-<...>: :   addr=0x7f88fff448ce
42727-<...>: :   addr=0x7f88fff44268
flatpak:x:963:962:User for flatpak system helper:/:/sbin/nologin
42727-<...>: file=/etc/passwd flags=8000 mode=0
42727-<...>: :   addr=0x7f890000319b
42727-<...>: :   addr=0x4c45485300647773

We are adding new API to libtracefs all the time to make it even easier to
access the tracefs file system. Feel free to subscribe to linux-trace-devel
if you want to participate or just want to see what is being worked on.

If you have any more questions, feel free to ask!

-- Steve

  reply	other threads:[~2021-05-05 13:18 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-05-05 12:21 how to continuously capture events Lin Wang
2021-05-05 13:18 ` Steven Rostedt [this message]
2021-05-05 14:48   ` Lin Wang
2021-05-05 13:47 ` Jonathan Rajotte-Julien
2021-05-05 14:50   ` Lin Wang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210505091829.3eb87117@gandalf.local.home \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).