Commands Reference, Volume 5

syscalls Command

Purpose

Provides system call tracing and counting for specific processes and the system.

Syntax

To Create or Destroy Buffer:

syscalls [ [ -enable bytes ] | -disable ]

To Print System Call Counts:

syscalls -c

To Print System Call Events or Start Tracing:

syscalls [ -o filename ] [ -t ] { [ [ -p pid ] -start | -stop ] | -x program }

Description

The syscalls (system call tracing) command captures system call entry and exit events for individual processes or for all processes on the system. The syscalls command can also maintain counts for all system calls made over long periods of time.

Notes:
  1. System call events are logged in a shared-memory trace buffer. The same shared memory identifier may be used by other processes, resulting in a collision. In such circumstances, run the syscalls command with the -enable flag.
  2. The syscalls command does not use the trace daemon.
  3. The system crashes if ipcrm -M sharedmemid is run after syscalls has been run. Run stem -shmkill instead of running ipcrm -M to remove the shared memory segment.

Flags

-c Prints a summary of system call counts for all processes. The counters are not reset.
-disable Destroys the system call buffer and disables system call tracing and counting.
-enable bytes Creates the system call trace buffer. If this flag is not used, the syscalls command creates a buffer of the default size of 819,200 bytes. Use this flag if events are not being logged in the buffer, which is the result of a collision with another process using the same shared memory buffer ID.
-o filename Prints output to filename rather than standard output.
-p pid When used with the -start flag, only events for processes with this pid will be logged in the syscalls buffer. When used with the -stop option, syscalls filters the data in the buffer and only prints output for this pid.
-start Resets the trace buffer pointer. This option enables the buffer if it does not exist and resets the counters to zero.
-stop Stops the logging of system call events and prints the contents of the buffer.
-t Prints the time associated with each system call event alongside the event.
-x program Runs program while logging events for only that process. The buffer is enabled if needed.
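
Because -c does not reset the counters, activity over an interval is the difference between two -c snapshots. The following is an added example, not part of the original reference: it parses the count layout shown under Examples and subtracts one snapshot from the other. The snapshot values are constructed, and summing a call name that is listed more than once is an assumption made here.

```python
# Two constructed snapshots in the layout `syscalls -c` prints (count, then
# call name). The values are made up; the repeated .kioctl row mirrors the
# repeated rows in the sample output on this page.
BEFORE = """\
 System Call Counts for all processes
       5041      .lseek
        190      .kioctl
         52      .execve
          2      .kioctl
"""
AFTER = """\
 System Call Counts for all processes
       5300      .lseek
        198      .kioctl
         60      .execve
          3      .shmget
          2      .kioctl
"""

def parse_counts(text):
    """Map call name -> total count, summing names listed more than once."""
    totals = {}
    for line in text.splitlines():
        fields = line.split()
        # A data row is exactly "<digits> .<name>"; the title line is skipped.
        if len(fields) == 2 and fields[0].isdigit() and fields[1].startswith("."):
            name = fields[1][1:]
            totals[name] = totals.get(name, 0) + int(fields[0])
    return totals

def delta(before, after):
    """Calls made between two snapshots, largest first; None after a reset."""
    old, new = parse_counts(before), parse_counts(after)
    if any(new.get(name, 0) < n for name, n in old.items()):
        return None  # a counter went backwards: -start reset it in between
    diff = {name: n - old.get(name, 0) for name, n in new.items()}
    return sorted(((n, name) for name, n in diff.items() if n), reverse=True)

if __name__ == "__main__":
    for count, name in delta(BEFORE, AFTER):
        print(f"{count:8d}  .{name}")
```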

Security

Access Control: You must be root or a member of the perf group to run this command.

Examples

  1. To collect system calls for a particular program, enter:
    syscalls -x /bin/ps
    Output similar to the following appears:
       PID    TTY  TIME CMD
     19841  pts/4  0:01 /bin/ksh 
     23715  pts/4  0:00 syscalls -x /bin/ps 
     30720  pts/4  0:00 /bin/ps 
     34972  pts/4  0:01 ksh
       PID   System Call          
     30720           .kfork  Exit , return=0  Call preceded tracing.
     30720          .getpid  () = 30720
     30720       .sigaction  (2, 2ff7eba8, 2ff7ebbc) = 0
     30720       .sigaction  (3, 2ff7eba8, 2ff7ebcc) = 0
     30720     .sigprocmask  (0, 2ff7ebac, 2ff7ebdc) = 0
     30720       .sigaction  (20, 2ff7eba8, 2ff7ebe8) = 0
     30720           .kfork  () = 31233
     30720        .kwaitpid  (2ff7ebfc, 31233, 0, 0) = 31233
     30720       .sigaction  (2, 2ff7ebbc, 0) = 0
     30720       .sigaction  (3, 2ff7ebcc, 0) = 0
     30720       .sigaction  (20, 2ff7ebe8, 0) = 0
     30720     .sigprocmask  (2, 2ff7ebdc, 0) = 0
     30720         .getuidx  (4) = 0
     30720         .getuidx  (2) = 0
     30720         .getuidx  (1) = 0
     30720         .getgidx  (4) = 0
     30720         .getgidx  (2) = 0
     30720         .getgidx  (1) = 0
     30720           ._load  NoFormat, (0x2ff7ef54, 0x0, 0x0, 0x2ff7ff58) = 537227760
     30720            .sbrk  (65536) = 537235456
     30720          .getpid  () = 30720
  2. To produce a count of system calls made by all processes, enter:
    syscalls -start
    followed by entering:
    syscalls -c
    Output similar to the following appears:
     System Call Counts for all processes
           5041      .lseek
           4950      .kreadv
            744      .sigaction
            366      .close
            338      .sbrk
            190      .kioctl
            120      .getuidx
            116      .kwritev
            108      .kfcntl
            105      .getgidx
             95      .kwaitpid
             92      .gettimer
             92      .select
             70      .getpid
             70      .sigprocmask
             52      .execve
             51      ._exit
             51      .kfork
             35      .open
             35      ._load
             33      .pipe
             33      .incinterval
             28      .sigreturn
             27      .access
             16      .brk 
             15      .times
             15      .privcheck
             15      .gettimerid
             10      .statx
              9      .STEM_R10string
              4      .sysconfig
              3      .P2counters_accum
              3      .shmget
              3      .shmat
              2      .setpgid
              2      .shmctl
              2      .kioctl
              1      .Patch_Demux_Addr_2
              1      .Patch_Demux_Addr_High
              1      .STEM_R3R4string
              1      .shmdt
              1      .Stem_KEX_copy_demux_entry
              1      .STEM_R3R4string
              1      .Patch_Demux_Addr_1
              1      .pause
              1      .accessx
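
The trace output in example 1 mixes the traced program's own output with three event forms: a complete call, a call marked NoFormat, and an exit-only record for a call that began before tracing. The following is an added example, not part of the original reference: it turns that output into records and lists the child PIDs returned by kfork. The sample lines are copied from example 1; treating the return value as decimal is an assumption based on .getpid returning 30720 there.

```python
import re

# Lines copied from example 1 on this page, including the traced program's
# own ps output, which the parser has to skip.
SAMPLE = """\
   PID    TTY  TIME CMD
 30720  pts/4  0:00 /bin/ps
   PID   System Call
 30720           .kfork  Exit , return=0  Call preceded tracing.
 30720          .getpid  () = 30720
 30720       .sigaction  (2, 2ff7eba8, 2ff7ebbc) = 0
 30720           .kfork  () = 31233
 30720        .kwaitpid  (2ff7ebfc, 31233, 0, 0) = 31233
 30720         .getuidx  (4) = 0
 30720           ._load  NoFormat, (0x2ff7ef54, 0x0, 0x0, 0x2ff7ff58) = 537227760
"""

EVENT = re.compile(r"^\s*(\d+)\s+\.(\S+)\s+(.*)$")   # PID, .name, remainder
CALL = re.compile(r"^(?:NoFormat,\s*)?\((.*)\)\s*=\s*(\S+)$")
EXIT_ONLY = re.compile(r"^Exit\s*,\s*return=(\S+)")

def parse_events(text):
    """Return one dict per traced event; non-event lines are ignored."""
    events = []
    for line in text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue  # program output or a column header
        pid, name, rest = int(m.group(1)), m.group(2), m.group(3).strip()
        call, exit_only = CALL.match(rest), EXIT_ONLY.match(rest)
        if call:
            args = [a.strip() for a in call.group(1).split(",") if a.strip()]
            events.append({"pid": pid, "call": name, "args": args,
                           "ret": call.group(2), "partial": False})
        elif exit_only:
            # Entry happened before tracing began, so the arguments are unknown.
            events.append({"pid": pid, "call": name, "args": None,
                           "ret": exit_only.group(1), "partial": True})
    return events

def children(events):
    """Child PIDs: non-zero decimal returns of complete kfork calls."""
    return [int(e["ret"]) for e in events if e["call"] == "kfork"
            and not e["partial"] and e["ret"].isdigit() and e["ret"] != "0"]

if __name__ == "__main__":
    for e in parse_events(SAMPLE):
        print(e)
    print("child PIDs:", children(parse_events(SAMPLE)))
```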

Files

/usr/bin/syscalls Contains the syscalls command.

Related Information

The stem command.
