man/man8/killsnoop.8 - platform/external/bcc - Gitiles

 .TH killsnoop 8  "2015-08-20" "USER COMMANDS"
 .SH NAME
 killsnoop \- Trace signals issued by the kill() syscall. Uses Linux eBPF/bcc.
 .SH SYNOPSIS
 .B killsnoop [\-h] [\-x] [-p PID]
 .SH DESCRIPTION
 killsnoop traces the kill() syscall, to show signals sent via this method. This
 may be useful to troubleshoot failing applications, where an unknown mechanism
 is sending signals.

 This works by tracing the kernel sys_kill() function using dynamic tracing, and
 will need updating to match any changes to this function.

 This makes use of a Linux 4.5 feature (bpf_perf_event_output());
 for kernels older than 4.5, see the version under tools/old,
 which uses an older mechanism.

 Since this uses BPF, only the root user can use this tool.
 .SH REQUIREMENTS
 CONFIG_BPF and bcc.
 .SH OPTIONS
 .TP
 \-h
 Print usage message.
 .TP
 \-x
 Only print failed kill() syscalls.
 .TP
 \-p PID
 Trace this process ID only (filtered in-kernel).
 .SH EXAMPLES
 .TP
 Trace all kill() syscalls:
 #
 .B killsnoop
 .TP
 Trace only kill() syscalls that failed:
 #
 .B killsnoop \-x
 .TP
 Trace PID 181 only:
 #
 .B killsnoop \-p 181
 .SH FIELDS
 .TP
 TIME
 Time of the kill call.
 .TP
 PID
 Source process ID
 .TP
 COMM
 Source process name
 .TP
 SIG
 Signal number. See signal(7).
 .TP
 TPID
 Target process ID
 .TP
 RES
 Result. 0 == success, a negative value (of the error code) for failure.
 .SH OVERHEAD
 This traces the kernel kill function and prints output for each event. As the
 rate of this is generally expected to be low (< 100/s), the overhead is also
 expected to be negligible. If you have an application that is calling a very
 high rate of kill()s for some reason, then test and understand overhead before
 use.
 .SH SOURCE
 This is from bcc.
 .IP
 https://github.com/iovisor/bcc
 .PP
 Also look in the bcc distribution for a companion _examples.txt file containing
 example usage, output, and commentary for this tool.
 .SH OS
 Linux
 .SH STABILITY
 Unstable - in development.
 .SH AUTHOR
 Brendan Gregg
 .SH SEE ALSO
 opensnoop(8), funccount(8)
	.TH killsnoop 8 "2015-08-20" "USER COMMANDS"
	.SH NAME
	killsnoop \- Trace signals issued by the kill() syscall. Uses Linux eBPF/bcc.
	.SH SYNOPSIS
	.B killsnoop [\-h] [\-x] [-p PID]
	.SH DESCRIPTION
	killsnoop traces the kill() syscall, to show signals sent via this method. This
	may be useful to troubleshoot failing applications, where an unknown mechanism
	is sending signals.

	This works by tracing the kernel sys_kill() function using dynamic tracing, and
	will need updating to match any changes to this function.

	This makes use of a Linux 4.5 feature (bpf_perf_event_output());
	for kernels older than 4.5, see the version under tools/old,
	which uses an older mechanism.

	Since this uses BPF, only the root user can use this tool.
	.SH REQUIREMENTS
	CONFIG_BPF and bcc.
	.SH OPTIONS
	.TP
	\-h
	Print usage message.
	.TP
	\-x
	Only print failed kill() syscalls.
	.TP
	\-p PID
	Trace this process ID only (filtered in-kernel).
	.SH EXAMPLES
	.TP
	Trace all kill() syscalls:
	#
	.B killsnoop
	.TP
	Trace only kill() syscalls that failed:
	#
	.B killsnoop \-x
	.TP
	Trace PID 181 only:
	#
	.B killsnoop \-p 181
	.SH FIELDS
	.TP
	TIME
	Time of the kill call.
	.TP
	PID
	Source process ID
	.TP
	COMM
	Source process name
	.TP
	SIG
	Signal number. See signal(7).
	.TP
	TPID
	Target process ID
	.TP
	RES
	Result. 0 == success, a negative value (of the error code) for failure.
	.SH OVERHEAD
	This traces the kernel kill function and prints output for each event. As the
	rate of this is generally expected to be low (< 100/s), the overhead is also
	expected to be negligible. If you have an application that is calling a very
	high rate of kill()s for some reason, then test and understand overhead before
	use.
	.SH SOURCE
	This is from bcc.
	.IP
	https://github.com/iovisor/bcc
	.PP
	Also look in the bcc distribution for a companion _examples.txt file containing
	example usage, output, and commentary for this tool.
	.SH OS
	Linux
	.SH STABILITY
	Unstable - in development.
	.SH AUTHOR
	Brendan Gregg
	.SH SEE ALSO
	opensnoop(8), funccount(8)