* [lttng-dev] Possibilities to customize lttng tracepoints in kernel space
@ 2020-12-16 9:19 Serica via lttng-dev
2020-12-17 15:27 ` Mathieu Desnoyers via lttng-dev
0 siblings, 1 reply; 3+ messages in thread
From: Serica via lttng-dev @ 2020-12-16 9:19 UTC (permalink / raw)
To: lttng-dev
Hi,
I am sending this email to ask whether it is possible to customize lttng tracepoints in kernel space. I have learnt that lttng leverages Linux tracepoints to collect audit logs like system calls. Also, I have found that users can define their own customized tracepoints in user space by using lttng-ust so that they can trace their user applications.
Is it possible for lttng users to customize the existing tracepoints in kernel space? For example, after the system call sys_clone, or read, is called and then collected by lttng, I want to process some data (e.g., the return value of the syscall), and place the result in a new field in the audit log (or, using another approach, emit a new type of event in the audit log), so that later, when parsed by babeltrace, we can see the newly-added field or event in the parsed result.
Looking forward to your reply.
Best wishes,
Serica
_______________________________________________
lttng-dev mailing list
lttng-dev@lists.lttng.org
https://lists.lttng.org/cgi-bin/mailman/listinfo/lttng-dev
* Re: [lttng-dev] Possibilities to customize lttng tracepoints in kernel space
2020-12-16 9:19 [lttng-dev] Possibilities to customize lttng tracepoints in kernel space Serica via lttng-dev
@ 2020-12-17 15:27 ` Mathieu Desnoyers via lttng-dev
2020-12-24 2:46 ` [lttng-dev] Re: Possibilities to customize lttng tracepoints in kernel space Serica via lttng-dev
0 siblings, 1 reply; 3+ messages in thread
From: Mathieu Desnoyers via lttng-dev @ 2020-12-17 15:27 UTC (permalink / raw)
To: Serica; +Cc: lttng-dev
----- On Dec 16, 2020, at 4:19 AM, lttng-dev <lttng-dev@lists.lttng.org> wrote:
> Hi,
> I am sending this email to ask whether it is possible to customize lttng
> tracepoints in kernel space. I have learnt that lttng leverages Linux
> tracepoints to collect audit logs like system calls. Also, I have found that
> users can define their own customized tracepoints in user space by using
> lttng-ust so that they can trace their user applications.
> Is it possible for lttng users to customize the existing tracepoints in kernel
> space? For example, after the system call sys_clone, or read, is called and
> then collected by lttng, I want to process some data (e.g., the return value
> of the syscall), and place the result in a new field in the audit log (or,
> using another approach, emit a new type of event in the audit log), so that
> later, when parsed by babeltrace, we can see the newly-added field or event in
> the parsed result.
> Looking forward to your reply.
Hi,
You will want to start by having a look at this section of the LTTng documentation: https://lttng.org/docs/v2.12/#doc-instrumenting-linux-kernel
You can indeed modify lttng-modules to change the fields gathered by the system call tracing facility (see include/instrumentation/syscalls/README section (3)).
Those changes will be reflected in the resulting trace data.
Thanks,
Mathieu
> Best wishes,
> Serica
--
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com
* [lttng-dev] Re: Possibilities to customize lttng tracepoints in kernel space
2020-12-17 15:27 ` Mathieu Desnoyers via lttng-dev
@ 2020-12-24 2:46 ` Serica via lttng-dev
0 siblings, 0 replies; 3+ messages in thread
From: Serica via lttng-dev @ 2020-12-24 2:46 UTC (permalink / raw)
To: Mathieu Desnoyers; +Cc: lttng-dev
Hi,
Thanks for your reply. Some other stuff. I found that lttng is working on container awareness in these slides: https://archive.fosdem.org/2019/schedule/event/containers_lttng/attachments/slides/3419/export/events/attachments/containers_lttng/slides/3419/lttng_containers_fosdem19.pdf
On page #13, there is a command: lttng add-context -k -t procname -t pid -t vpid -t tid -t vtid -t pid_ns, where pid_ns and other namespace identifiers are very useful for tracing containers. However, it seems that the current version of lttng doesn't support adding the context pid_ns (Error: Unknown context type pid_ns). Do you know how to enable these features?
Thanks a lot.
Btw, have a nice holiday!
Serica
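A pre-flight check for the situation described in the message above, as an added example that is not part of the original thread or LTTng's own code: it compares the requested context types against what the installed tools report via `lttng add-context --list`, so a missing namespace context is reported instead of failing the whole command. The function names and the sample list are constructed, and one context type per line is assumed for the `--list` output.

```shell
#!/bin/sh
# Constructed sample standing in for `lttng add-context --list` output on an
# install without namespace contexts (assumed format: one type per line).
SAMPLE_SUPPORTED='pid
procname
vpid
tid
vtid
hostname'

# context_args LIST WANTED...
# Prints "-t name" for every wanted type found in LIST (exact whole-line
# match, so "pid" never matches "pid_ns") and notes the others on stderr.
context_args() {
    list=$1; shift
    args=''
    for ctx in "$@"; do
        if printf '%s\n' "$list" | grep -Fqx -- "$ctx"; then
            args="$args -t $ctx"
        else
            echo "unsupported context type, skipped: $ctx" >&2
        fi
    done
    printf '%s\n' "${args# }"
}

# missing_contexts LIST WANTED...
# Prints only the wanted types that LIST lacks, for alerting or a hard fail.
missing_contexts() {
    list=$1; shift
    miss=''
    for ctx in "$@"; do
        printf '%s\n' "$list" | grep -Fqx -- "$ctx" || miss="$miss $ctx"
    done
    printf '%s\n' "${miss# }"
}

# add_kernel_contexts WANTED...
# Live variant: queries the installed lttng, then adds what it supports to
# the current session's kernel channel. Not called by this script.
add_kernel_contexts() {
    live=$(lttng add-context --list) || return 1
    supported=$(context_args "$live" "$@")
    [ -n "$supported" ] || return 1
    # shellcheck disable=SC2086  # word splitting of "-t name" pairs is intended
    lttng add-context -k $supported
}

# Demo on the constructed sample, using the context list from the message.
context_args "$SAMPLE_SUPPORTED" procname pid vpid tid vtid pid_ns
```

For container tracing, treat a non-empty `missing_contexts` result as a deployment error rather than a warning, since events recorded without the namespace fields cannot be attributed to a container afterwards.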