[lttng-dev] =?gb18030?b?u9i4tKO6ICBQb3NzaWJpbGl0aWVzIHRvIGN1c3Rv?= =?gb18030?q?mize_lttng_tracepoints_in_kernel_space?= - Serica via lttng-dev

From: Serica via lttng-dev <lttng-dev@lists.lttng.org>
To: =?gb18030?B?TWF0aGlldSBEZXNub3llcnM=?= <mathieu.desnoyers@efficios.com>
Cc: =?gb18030?B?bHR0bmctZGV2?= <lttng-dev@lists.lttng.org>
Subject: [lttng-dev] =?gb18030?b?u9i4tKO6ICBQb3NzaWJpbGl0aWVzIHRvIGN1c3Rv?= =?gb18030?q?mize_lttng_tracepoints_in_kernel_space?=
Date: Thu, 24 Dec 2020 10:46:33 +0800	[thread overview]
Message-ID: <tencent_6AE11693EAB31DE89E4254FBDADE6519090A@qq.com> (raw)
In-Reply-To: <829410434.7017.1608218847209.JavaMail.zimbra@efficios.com>

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.1: Type: text/plain; charset="gb18030", Size: 2963 bytes --]

Hi,

Thanks for your reply. Some other stuff. I found that lttng is working on container awareness in this slides:&nbsp;https://archive.fosdem.org/2019/schedule/event/containers_lttng/attachments/slides/3419/export/events/attachments/containers_lttng/slides/3419/lttng_containers_fosdem19.pdf

On page #13, there is a command:&nbsp; lttng add-context -k -t procname -t pid -t vpid -t tid -t vtid -t pid_ns, where pid_ns and other namespace identifiers are very useful for tracing containers. However, it seems like that lttng of current version doesn't support adding context pid_ns(Error: Unknown context type pid_ns). Do you know how to enable these features?

Thanks a lot.
Btw, have a nice holiday!

Serica

------------------&nbsp;ÔÊ¼ÓÊ¼þ&nbsp;------------------
·¢¼þÈË:                                                                                                                        "Mathieu Desnoyers"                                                                                    <mathieu.desnoyers@efficios.com&gt;;
·¢ËÍÊ±¼ä:&nbsp;2020Äê12ÔÂ17ÈÕ(ÐÇÆÚËÄ) ÍíÉÏ11:27
ÊÕ¼þÈË:&nbsp;"Serica"<serica_law@qq.com&gt;;
³ËÍ:&nbsp;"lttng-dev"<lttng-dev@lists.lttng.org&gt;;
Ö÷Ìâ:&nbsp;Re: [lttng-dev] Possibilities to customize lttng tracepoints in kernel space

----- On Dec 16, 2020, at 4:19 AM, lttng-dev <lttng-dev@lists.lttng.org&gt; wrote:

Hi,

I send this email to consult that whether it is possible to customize lttng tracepoints in kernel space. I have learnt that lttng leverages linux tracepoint to collect audit logs like system calls. Also, I have found that user can define their customized tracepoints in user space by using lttng-ust so that they can trace their user applications.

Is it possible for lttng users to customize the existing tracepoints in kernel space? For example, after the system call sys_clone, or read, called and then collected by lttng, I want to process some data ( e.g., the return value of the syscall ), and place the result in a new field in the audit log ( or using another approach, by emitting a new type of event in the audit log ), and later when parsed by babeltrace, we can see the newly-added field or event in the parsed result.

Looking forward to your reply.

Hi,

You will want to start by having a look at this section of the LTTng documentation: https://lttng.org/docs/v2.12/#doc-instrumenting-linux-kernel

You can indeed modify lttng-modules to change the fields gathered by the system call tracing facility (see include/instrumentation/syscalls/README section (3)).
Those changes will be reflected in the resulting trace data.

Thanks,

Mathieu

Best wishes,

Serica

_______________________________________________
lttng-dev mailing list
lttng-dev@lists.lttng.org
https://lists.lttng.org/cgi-bin/mailman/listinfo/lttng-dev

-- 

Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com

[-- Attachment #1.2: Type: text/html, Size: 5149 bytes --]

[-- Attachment #2: Type: text/plain, Size: 156 bytes --]

_______________________________________________
lttng-dev mailing list
lttng-dev@lists.lttng.org
https://lists.lttng.org/cgi-bin/mailman/listinfo/lttng-dev