Thank you David.

We did consider the lttng toolchain, but we ended up building our own driver for a couple of reasons:

- we do some custom work encoding events in the kernel so that they're ready to be consumed at user level
- we perform some additional work in the kernel (e.g. resolving network FD into tuples)
- our use case currently requires a pretty small subset of the lttng instrumentation facilities

But we really love lttng, so I don't exclude taking a better look in the future, and looking into bridging the gaps as you propose. :-)

Filtering the activity of a specific process is quite easy and can be done with

sysdig proc.name=MYAPP
or
sysdig proc.pid=MYPID

Use sysdig -l for a list of filtering fields that you can use.

Loris


On 4/3/2014 11:11 AM, David Goulet wrote:
Hi Loris,

I have to say that I'm quite impressed with the analysis tool you guys
have (Chisel).

Quick very useful command for monitoring use cases, very nice stuff.

Question time! Have you at some point considered using LTTng toolchain for
the tracing part? Using the lttng-modules for your probes, lttng-ctl for
tracing control, etc... ?

There is one thing I can see that you do have that we don't and it's the
ability to extract the data from the syscall payload so I guess that
might have been a limitation with LTTng. I'm curious what are your thoughts
on LTTng vis-a-vis sysdig.

Do you have plans to have support for "sysdig MYAPP" like strace does
which would filter events based on MYAPP pid/name? Because with that, we
can retire strace :). This is something we are working towards with
LTTng, a "lttng trace MYAPP" command that live prints the trace.

Your project is quite close to some LTTng features so I'm wondering here
how can we bridge the gaps (if we can).

Anyway, good job and congrats for this first release! :)

Cheers!
David

On 03 Apr (10:33:13), Loris Degioanni wrote:
I’d like to announce sysdig, a new open source project that I believe could
be interesting to the LTTng community. Sysdig is designed to offer a novel,
Wireshark-like approach to system tracing.

http://www.sysdig.org/
https://github.com/draios/sysdig

Sysdig is similar to lttng from the instrumentation point of view, but is
like a mix between tcpdump, strace and lsof. It adds a set of layers on top
of traditional kernel-level instrumentation to reconstruct state, decode and
filter information.

It comes packed with a set of pretty cool features: the ability to create
system trace files in the wireshark-compatible pcap-ng format, an easy to
use filtering language, scripting in Lua, and a libpcap-like capture library
that can be used to build new tools on top of the capture infrastructure.

I’d love to hear what you all think. And, if you do enjoy using sysdig, we
could really use your help spreading the word.

Thanks!


_______________________________________________
lttng-dev mailing list
[email protected]
http://lists.lttng.org/cgi-bin/mailman/listinfo/lttng-dev

