From: Mathieu Desnoyers via lttng-dev <lttng-dev@lists.lttng.org>
To: Serica <serica_law@qq.com>
Cc: lttng-dev <lttng-dev@lists.lttng.org>
Subject: Re: [lttng-dev] Possibilities to customize lttng tracepoints in kernel space
Date: Thu, 17 Dec 2020 10:27:27 -0500 (EST)
Message-ID: <829410434.7017.1608218847209.JavaMail.zimbra@efficios.com>
In-Reply-To: <tencent_8F00E9F4A97AC396358B4008BF78437FE105@qq.com>
----- On Dec 16, 2020, at 4:19 AM, lttng-dev <lttng-dev@lists.lttng.org> wrote:
> Hi,
> I am sending this email to ask whether it is possible to customize lttng
> tracepoints in kernel space. I have learnt that lttng leverages Linux
> tracepoints to collect audit logs like system calls. Also, I have found that
> users can define their customized tracepoints in user space by using lttng-ust
> so that they can trace their user applications.
> Is it possible for lttng users to customize the existing tracepoints in kernel
> space? For example, after the system call sys_clone, or read, is called and then
> collected by lttng, I want to process some data (e.g., the return value of the
> syscall), and place the result in a new field in the audit log (or using
> another approach, by emitting a new type of event in the audit log), and later
> when parsed by babeltrace, we can see the newly-added field or event in the
> parsed result.
> Looking forward to your reply.
Hi,
You will want to start by having a look at this section of the LTTng documentation: https://lttng.org/docs/v2.12/#doc-instrumenting-linux-kernel
You can indeed modify lttng-modules to change the fields gathered by the system call tracing facility (see include/instrumentation/syscalls/README section (3)).
Those changes will be reflected in the resulting trace data.
Thanks,
Mathieu
> Best wishes,
> Serica
--
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com