[ Next Article | Previous Article | Book Contents | Library Home | Legal | Search ]
Commands Reference, Volume 5

syscalls Command

Purpose

Provides system call tracing and counting for specific processes and the system.

Syntax

To Create or Destroy Buffer:

syscalls [ [ -enable  bytes ]| -disable  ]

To Print System Call Counts:

syscalls -c

To Print System Call Events or Start Tracing:

syscalls-o  filename ] [ -t  ] { [ [ -p pid ] -start | -stop  ] | -x  program }

Description

The syscalls (system call tracing) command, captures system call entry and exit events by individual processes or all processes on the system. The syscalls command can also maintain counts for all system calls made over long periods of time.

Notes:
  1. System call events are logged in a shared-memory trace buffer. The same shared memory identifier may be used by other processes resulting in a collision. In such circumstances, the -enable flag needs to be issued.
  2. The syscalls command does not use the trace daemon.
  3. The system crashes if ipcrm -M sharedmemid is run after syscalls has been run. Run stem -shmkill instead of running ipcrm -M to remove the shared memory segment.

Flags

-c Prints a summary of system call counts for all processes. The counters are not reset.
-disable Destroys the system call buffer and disables system call tracing and counting.
-enable bytes Creates the system call trace buffer. If this flag is not used, the syscalls command creates a buffer of the default size of 819,200 bytes. Use this flag if events are not being logged in the buffer. This is the result of a collision with another process using the same shared memory buffer ID.
-o filename Prints output to filename rather than standard out.
-p pid When used with the -start flag, only events for processes with this pid will be logged in the syscalls buffer. When used with the -stop option, syscalls filters the data in the buffer and only prints output for this pid.
-start Resets the trace buffer pointer. This option enables the buffer if it does not exist and resets the counters to zero.
-stop Stops the logging of system call events and prints the contents of the buffer.
-t Prints the time associated with each system call event alongside the event.
-x program Runs program while logging events for only that process. The buffer is enabled if needed.

Security

Access Control: You must be root or a member of the perf group to run this command.

Examples

  1. To collect system calls for a particular program, enter: 
    syscalls -x /bin/ps
    Output similar to the following appears: 
       PID    TTY  TIME CMD
 19841  pts/4  0:01 /bin/ksh 
 23715  pts/4  0:00 syscalls -x /bin/ps 
 30720  pts/4  0:00 /bin/ps 
 34972  pts/4  0:01 ksh
   PID   System Call          
 30720           .kfork  Exit , return=0  Call preceded tracing.
 30720          .getpid  () = 30720
 30720       .sigaction  (2, 2ff7eba8, 2ff7ebbc) = 0
 30720       .sigaction  (3, 2ff7eba8, 2ff7ebcc) = 0
 30720     .sigprocmask  (0, 2ff7ebac, 2ff7ebdc) = 0
 30720       .sigaction  (20, 2ff7eba8, 2ff7ebe8) = 0
 30720           .kfork  () = 31233
 30720        .kwaitpid  (2ff7ebfc, 31233, 0, 0) = 31233
 30720       .sigaction  (2, 2ff7ebbc, 0) = 0
 30720       .sigaction  (3, 2ff7ebcc, 0) = 0
 30720       .sigaction  (20, 2ff7ebe8, 0) = 0
 30720     .sigprocmask  (2, 2ff7ebdc, 0) = 0
 30720         .getuidx  (4) = 0
 30720         .getuidx  (2) = 0
 30720         .getuidx  (1) = 0
 30720         .getgidx  (4) = 0
 30720         .getgidx  (2) = 0
 30720         .getgidx  (1) = 0
 30720           ._load  NoFormat, (0x2ff7ef54, 0x0, 0x0, 0x2ff7ff58) = 537227760
 30720            .sbrk  (65536) = 537235456
 30720          .getpid  () = 30720
  2. To produce a count of system calls made by all processes, enter: 
    syscalls -start
    followed by entering: 
    syscalls -c
    Output similar to the following appears: 
     System Call Counts for all processes
       5041      .lseek
       4950      .kreadv
        744      .sigaction
        366      .close
        338      .sbrk
        190      .kioctl
        120      .getuidx
        116      .kwritev
        108      .kfcntl
        105      .getgidx
         95      .kwaitpid
         92      .gettimer
         92      .select
         70      .getpid
         70      .sigprocmask
         52      .execve
         51      ._exit
         51      .kfork
         35      .open
         35      ._load
         33      .pipe
         33      .incinterval
         28      .sigreturn
         27      .access
         16      .brk 
         15      .times
         15      .privcheck
         15      .gettimerid
         10      .statx
          9      .STEM_R10string
          4      .sysconfig
          3      .P2counters_accum
          3      .shmget
          3      .shmat
          2      .setpgid
          2      .shmctl
          2      .kioctl
          1      .Patch_Demux_Addr_2
          1      .Patch_Demux_Addr_High
          1      .STEM_R3R4string
          1      .shmdt
          1      .Stem_KEX_copy_demux_entry
          1      .STEM_R3R4string
          1      .Patch_Demux_Addr_1
          1      .pause
          1      .accessx

Files

/usr/bin/syscalls Contains the syscalls command.

Related Information

The stem command.

[ Next Article | Previous Article | Book Contents | Library Home | Legal | Search ]