Re: how to continuously capture events

From: Steven Rostedt <rostedt@goodmis.org>
To: Lin Wang <wanglinseven@gmail.com>
Cc: linux-trace-users@vger.kernel.org
Subject: Re: how to continuously capture events
Date: Wed, 5 May 2021 09:18:29 -0400	[thread overview]
Message-ID: <20210505091829.3eb87117@gandalf.local.home> (raw)
In-Reply-To: <CABPy0FmkQAJXiX=uQatisCCHsZpfpk78DA9GrNFfULTguiY_vQ@mail.gmail.com>

On Wed, 5 May 2021 08:21:35 -0400
Lin Wang <wanglinseven@gmail.com> wrote:

> Hi all,
> 
> I'm new to ftrace and linux programming in general. Forgive me for

Hi Lin,

Welcome!

> asking dumb questions.

When first learning something, there are no dumb questions :-)

> 
> I'm trying to continuously capture certain kernel events, convert them
> to a different format and then write them to a file.
> 
> I understand that trace_pipe should be used for streaming. But I'm not
> sure how to read the content of trace_pipe at event boundary (I
> currently just read it to a temp buffer which would sometimes cut the
> last event in half). I discovered libtraceevent and libtracefs that I
> think are meant to help with this kind of tasks, so I'm reading the
> source code of trace-cmd to find examples. But so far the progress has
> been slow.

Yes, libtracefs is what you want.

The man pages are here (I'm still working on a tutorial):

 https://trace-cmd.org/Documentation/libtracefs/libtracefs.html

Although that may be a little out of date. I need to automate that to be
updated whenever I make a new release.

> 
> Could anyone point me to the right direction, or advise me with a
> general outline of what I should do to achieve my task?
> 

I think you may be on the right track.

trace-cmd is hard to read, but we are working on sample code that will make
using libtracefs much easier. For example, I wrote this simple code to read
all files that are opened.

  # ./show-open-files cat /etc/passwd
42727-<...>: file=/etc/ld.so.cache flags=88000 mode=0
42727-<...>: :   addr=0x7f8900123868
42727-<...>: :   addr=0x7f89001100f7
42727-<...>: file=/lib64/libc.so.6 flags=88000 mode=0
42727-<...>: :   addr=0x7f8900123868
42727-<...>: :   addr=0x7f8900110139
42727-<...>: file=/usr/lib/locale/locale-archive flags=88000 mode=0
42727-<...>: :   addr=0x7f890000886c
42727-<...>: :   addr=0x7f88fff448ce
42727-<...>: :   addr=0x7f88fff44268
root:x:0:0:root:/root:/bin/bash
[..]
flatpak:x:963:962:User for flatpak system helper:/:/sbin/nologin
42727-<...>: file=/etc/passwd flags=8000 mode=0
42727-<...>: :   addr=0x7f890000319b
42727-<...>: :   addr=0x4c45485300647773

  http://rostedt.org/code/show-open-files.c

We are adding new API to libtracefs all the time to make it even easier to
access the tracefs file system. Feel free to subscribe to linux-trace-devel
if you want to participate or just want to see what is being worked on.

  http://vger.kernel.org/vger-lists.html#linux-trace-devel

If you have any more questions, feel free to ask!

-- Steve