tools/killsnoop_example.txt - platform/external/bcc - Gitiles

 Demonstrations of killsnoop, the Linux eBPF/bcc version.


 This traces signals sent via the kill() syscall. For example:

 # ./killsnoop
 TIME      PID    COMM             SIG  TPID   RESULT
 12:10:51  13967  bash             9    13885  0
 12:11:34  13967  bash             9    1024   -3
 12:11:41  815    systemd-udevd    15   14076  0

 The first line showed a SIGKILL (9) sent from PID 13967 (a bash shell) to
 PID 13885. The result, 0, means success.

 The second line showed the same signal sent, this time resulting in a -3
 (ESRCH: no such process).


 USAGE message:

 # ./killsnoop -h
 usage: killsnoop [-h] [-x] [-p PID]

 Trace signals issued by the kill() syscall

 optional arguments:
   -h, --help         show this help message and exit
   -x, --failed       only show failed kill syscalls
   -p PID, --pid PID  trace this PID only

 examples:
     ./killsnoop           # trace all kill() signals
     ./killsnoop -x        # only show failed kills
     ./killsnoop -p 181    # only trace PID 181
	Demonstrations of killsnoop, the Linux eBPF/bcc version.


	This traces signals sent via the kill() syscall. For example:

	# ./killsnoop
	TIME PID COMM SIG TPID RESULT
	12:10:51 13967 bash 9 13885 0
	12:11:34 13967 bash 9 1024 -3
	12:11:41 815 systemd-udevd 15 14076 0

	The first line showed a SIGKILL (9) sent from PID 13967 (a bash shell) to
	PID 13885. The result, 0, means success.

	The second line showed the same signal sent, this time resulting in a -3
	(ESRCH: no such process).


	USAGE message:

	# ./killsnoop -h
	usage: killsnoop [-h] [-x] [-p PID]

	Trace signals issued by the kill() syscall

	optional arguments:
	-h, --help show this help message and exit
	-x, --failed only show failed kill syscalls
	-p PID, --pid PID trace this PID only

	examples:
	./killsnoop # trace all kill() signals
	./killsnoop -x # only show failed kills
	./killsnoop -p 181 # only trace PID 181