probe::syscall_any
Prev Chapter 36. Syscall Any Tapset Next

Name

probe::syscall_any — Record entry into a syscall

Synopsis

syscall_any

Values

syscall_nr

number of the syscall

name

name of the syscall

Context

The process performing the syscall

Description

The syscall_any probe point is designed to be a low overhead that monitors all the syscalls entered via a kernel tracepoint. Because of the breadth of syscalls it monitors it provides no information about the syscall arguments or argstr string representation of those arguments.

This requires kernel 3.5+ and newer which have the kernel.trace(sys_enter) probe point.

Prev Up Next
Chapter 36. Syscall Any Tapset Home probe::syscall_any.return