Hacker News new | past | comments | ask | show | jobs | submit login

You can do

    bpftrace -e 'tracepoint:syscalls:sys_enter_open* { printf("%d\n", pid); }'
but then you can't access the arguments of the different probes uniformly, i.e.

    bpftrace -e 'tracepoint:syscalls:sys_enter_open* { printf("%d %s\n", pid, str(args->filename)); }'
does not work.

You can do it like this:

    bpftrace -e 'tracepoint:syscalls:sys_enter_open { printf("%d %s\n", pid, str(args->filename)); } tracepoint:syscalls:sys_enter_openat { printf("%d %s\n", pid, str(args->filename)); }'
This is a bit awkward, but it seems that this will be fixed: https://github.com/iovisor/bpftrace/issues/132



Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: