[lttng-dev] 回复: Possibilities to customize lttng tracepoints in kernel space

Serica serica_law at qq.com
Wed Dec 23 21:46:33 EST 2020


Thanks for your reply. Some other stuff. I found that lttng is working on container awareness in this slides: https://archive.fosdem.org/2019/schedule/event/containers_lttng/attachments/slides/3419/export/events/attachments/containers_lttng/slides/3419/lttng_containers_fosdem19.pdf

On page #13, there is a command:  lttng add-context -k -t procname -t pid -t vpid -t tid -t vtid -t pid_ns, where pid_ns and other namespace identifiers are very useful for tracing containers. However, it seems like that lttng of current version doesn't support adding context pid_ns(Error: Unknown context type pid_ns). Do you know how to enable these features?

Thanks a lot.
Btw, have a nice holiday!


------------------ 原始邮件 ------------------
发件人:                                                                                                                        "Mathieu Desnoyers"                                                                                    <mathieu.desnoyers at efficios.com>;
发送时间: 2020年12月17日(星期四) 晚上11:27
收件人: "Serica"<serica_law at qq.com>;
抄送: "lttng-dev"<lttng-dev at lists.lttng.org>;
主题: Re: [lttng-dev] Possibilities to customize lttng tracepoints in kernel space

----- On Dec 16, 2020, at 4:19 AM, lttng-dev <lttng-dev at lists.lttng.org> wrote:


I send this email to consult that whether it is possible to customize lttng tracepoints in kernel space. I have learnt that lttng leverages linux tracepoint to collect audit logs like system calls. Also, I have found that user can define their customized tracepoints in user space by using lttng-ust so that they can trace their user applications.

Is it possible for lttng users to customize the existing tracepoints in kernel space? For example, after the system call sys_clone, or read, called and then collected by lttng, I want to process some data ( e.g., the return value of the syscall ), and place the result in a new field in the audit log ( or using another approach, by emitting a new type of event in the audit log ), and later when parsed by babeltrace, we can see the newly-added field or event in the parsed result.

Looking forward to your reply.


You will want to start by having a look at this section of the LTTng documentation: https://lttng.org/docs/v2.12/#doc-instrumenting-linux-kernel

You can indeed modify lttng-modules to change the fields gathered by the system call tracing facility (see include/instrumentation/syscalls/README section (3)).
Those changes will be reflected in the resulting trace data.



Best wishes,


lttng-dev mailing list
lttng-dev at lists.lttng.org


Mathieu Desnoyers
EfficiOS Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.lttng.org/pipermail/lttng-dev/attachments/20201224/ad951c68/attachment.htm>

More information about the lttng-dev mailing list