User-space Process Tracing
libuptev | implement user/sys time + max rss | 2020-05-21 12:27:46 |
---|---|---|
libuptpl | formatting | 2020-05-21 12:00:46 |
python3 | add proc_id to Process | 2020-05-23 19:57:15 |
tests | implement pstree | 2020-05-23 16:38:21 |
upt-tool | upt-dump -> upt-tool, add parsing | 2020-05-23 16:11:51 |
upt-trace | implement upt-trace wrapper | 2020-05-22 13:32:43 |
.gitignore | first incomplete begin_proc event | 2020-05-17 10:22:00 |
CMakeLists.txt | upt-dump -> upt-tool, add parsing | 2020-05-23 16:11:51 |
README.md | PB2 event parsing in Python | 2020-05-23 13:15:14 |
exports | python3 module, exports, upt-dump | 2020-05-22 14:11:56 |
uproctrace.proto | implement user/sys time + max rss | 2020-05-21 12:27:46 |
UProcTrace traces process executions and process ends on Linux systems.
On process starts, UProcTrace records the time, the entire command line, working directory and environment. On process end, it logs the CPU time used by the process (split by user and kernel time) and the peak memory usage.
UProcTrace is implemented in user-space, so does not reuire any special kernel
modules. This means it can also be used in containers (e.g. docker) without
any changes the to conteiner host. The implementation is based on the
LD_PRELOAD
mechanism. A shared library is injected into each process
started. This libarary records trace events at begin of the process (when the
preload library is initialized) and at the end of the process (when the library
is de-initiazlied).
UProcTrace is developed on Debian Linux 10 "buster".
Install the prerequisites:
apt-get install -y build-essential cmake gcc \
libprotobuf-c-dev libprotobuf-dev
ninja-build \
protobuf-c-compiler protobuf-compiler \
pylint3 python3 python3-protobuf
Change to the directory of this REAMDE.md
file.
Configure a build directory:
mkdir build
cd build
cmake -G Ninja -D CMAKE_BUILD_TYPE=Release ..
Build:
ninja
Run tests:
ctest
Set up for direct usage from build directory (to be done in each shell):
source exports
To trace an application, prefix the command with upt-trace
and the
file name for the trace. For example, to trace the command
/usr/bin/printf "trace me"
run the following command:
upt-trace mytrace.proto /usr/bin/printf "trace me"
To show the recorded events, run:
upt-dump mytrace.proto
To show the capabilities of the UProcTrace, a process that calls several child processes is required. In this example, the build of UProcTrace is used for this purpose.
Change to the build directory.
Start a new shell to be traced:
upt-trace mytrace.proto bash
Configure another build directory for this tracing example and run the build:
mkdir example_trace_build
cd example_trace_build
cmake -G Ninja -D CMAKE_BUILD_TYPE=Release ../..
ninja
Stop tracing by ending the shell:
exit
Show traced information:
upt-dump mytrace.proto