This page lists the most important commands for the CLI tool bpftrace.

bpftrace

bpftrace is a command-line tool and a high-level tracing language for Linux systems. It allows dynamic tracing of system and application behavior with powerful observability capabilities.

bpftrace is built upon the BPF (Berkeley Packet Filter) technology, which is a bytecode-based virtual machine in the Linux kernel. It leverages the power of eBPF (extended BPF) to perform non-intrusive, low-overhead tracing.

With bpftrace, users can write and execute scripts that attach to specific events or functions in the system, such as system calls, kernel functions, or user-space functions. These scripts can then trace and collect data in real-time, providing deep insights into performance, behavior, and dependencies within the system.

The bpftrace language is designed to be intuitive and expressive, enabling users to write complex tracing scripts with a simple syntax. It supports features like variables, functions, loops, conditionals, and aggregations, allowing users to analyze and summarize data effectively.

bpftrace can be used for various purposes, including performance analysis, debugging, troubleshooting, and security auditing. It provides a vast array of predefined probes and functions that can be used to trace different aspects of the system.

It also supports attaching to and tracing user-space applications using the uprobes functionality. This enables tracing of specific functions within any user-space process, which can be valuable for application-level analysis.

bpftrace has a wide range of output formats, including text-based output, histograms, flame graphs, and JSON. These output formats make it easy to visualize and interpret the collected tracing data.

bpftrace is a powerful tool for observability, enabling users to understand system behavior, identify bottlenecks, detect anomalies, and optimize performance. Its flexibility, low overhead, and ease of use make it a popular choice for Linux system tracing and analysis.

List of commands for bpftrace:

  • List all available probes.
    $ sudo bpftrace -l
  • Display bpftrace version.
    $ bpftrace -V
  • Do a dry run and display the output in eBPF format.
    $ sudo bpftrace -d -e '${one_line_program}'
  • Run a one-liner program (e.g. syscall count by program).
    $ sudo bpftrace -e 'tracepoint:raw_syscalls:sys_enter { @[comm] = count(); }'
  • Run a program from a file.
    $ sudo bpftrace ${filename}