I send this email to consult that whether it is possible to customize lttng tracepoints in kernel space. I have learnt that lttng leverages linux tracepoint to collect audit logs like system calls. Also, I have found that user can define their customized tracepoints in user space by using lttng-ust so that they can trace their user applications.

Is it possible for lttng users to customize the existing tracepoints in kernel space? For example, after the system call sys_clone, or read, called and then collected by lttng, I want to process some data ( e.g., the return value of the syscall ), and place the result in a new field in the audit log ( or using another approach, by emitting a new type of event in the audit log ), and later when parsed by babeltrace, we can see the newly-added field or event in the parsed result.