dcsnoop(8) | System Manager's Manual | dcsnoop(8) |
dcsnoop - Trace directory entry cache (dcache) lookups. Uses Linux eBPF/bcc.
dcsnoop [-h] [-a]
By default, this traces every failed dcache lookup (cache miss), and shows the process performing the lookup and the filename requested. A -a option can be used to show all lookups, not just failed ones.
The output of this tool can be verbose, and is intended for further investigations of dcache performance beyond dcstat(8), which prints per-second summaries.
This uses kernel dynamic tracing of the d_lookup() function, and will need and will need updating to match any changes to this function.
Since this uses BPF, only the root user can use this tool.
CONFIG_BPF and bcc.
File name lookups can be frequent (depending on the workload), and this tool prints a line for each failed lookup, and with -a, each reference as well. The output may be verbose, and the incurred overhead, while optimized to some extent, may still be from noticeable to significant. This is only really intended for deeper investigations beyond dcstat(8), when absolutely necessary. Measure and quantify the overhead in a test environment before use.
This is from bcc.
Also look in the bcc distribution for a companion _examples.txt file containing example usage, output, and commentary for this tool.
Linux
Unstable - in development.
Brendan Gregg
2016-02-10 | USER COMMANDS |