41

From what I can see, a DTrace implementation on Linux is held up by licensing and politics. What are the alternatives currently?

2

6 Answers

30

Systemtap is designed to solve the same sort of problems as dtrace, and has a similar user interface – the user writes small scripts which attach actions to named probes.

It is said to be unstable, it's not usually compiled into your kernel by default, but once I got it working I didn't have any problems.

You can see how it compares to dtrace in this table on the systemtap website (May be partisan :-)

Dtrace has been partly ported to Linux by Paul Fox, an enthusiast, and is available for download for you to try - check out the links on his blog.

It has been said that kprobes are a dtrace replacement, but I've never tried them.


1 Comment

I wasn't aware of that DTrace port, I'll check it out. Thanks.

14

SystemTap is a higher level abstraction built on Kprobes. For more information about how Kprobes work, you can read my technical article on LWN.

As Alex mentioned, Systemtap is essentially solving the same problem as dtrace, except that it's somewhat slower (you may not perceive it to be so, depending upon what you're trying to do with it) than dtrace and not quite as polished or safe to use.

To install the SystemTap SDT development package, try:

    yum install systemtap-sdt-devel


12

sysdig is a great solution now.

Some usage cases include (their wiki has some exceptionally interesting examples):

For Disk I/O

  • See the top processes in terms of disk bandwidth usage

    sysdig -c topprocs_file

  • List the processes that are using a high number of files

    sysdig -c fdcount_by proc.name "fd.type=file"

  • See the top files in terms of read+write bytes

    sysdig -c topfiles_bytes

  • Print the top files that apache has been reading from or writing to

    sysdig -c topfiles_bytes proc.name=httpd

  • Basic opensnoop: snoop file opens as they occur

    sysdig -p "%12user.name %6proc.pid %12proc.name %3fd.num %fd.typechar %fd.name" evt.type=open

  • See the top directories in terms of R+W disk activity

    sysdig -c fdbytes_by fd.directory "fd.type=file"

  • See the top files in terms of R+W disk activity in the /tmp directory

    sysdig -c fdbytes_by fd.filename "fd.directory=/tmp/"

  • Observe the I/O activity on all the files named 'passwd'

    sysdig -A -c echo_fds "fd.filename=passwd"

  • Display I/O activity by FD type

    sysdig -c fdbytes_by fd.type
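An added example, not part of the answer above and not sysdig's own code: a small parser for the output of the opensnoop-style command, which flags opens of a sensitive file by a process that is not expected to touch it. The sample lines are constructed, the `EXPECTED` policy is hypothetical, and fields are assumed to be whitespace-separated with the file name last.

```python
import re
from collections import Counter

# Constructed sample in the shape of the opensnoop format string above:
# user, pid, process, fd number, fd type char, file name. Not captured output.
SAMPLE = """\
root         812    sshd          5 f /etc/shadow
www-data     2301   httpd        14 f /var/www/html/index.html
www-data     2301   httpd        15 f /etc/shadow
alice        4410   vim           3 f /home/alice/my notes.txt
this line is not an event
"""

# Assumption: user and process names contain no whitespace. The file name is
# the last field, so it is allowed to contain spaces.
LINE = re.compile(
    r"^(?P<user>\S+)\s+(?P<pid>\d+)\s+(?P<proc>\S+)\s+"
    r"(?P<fd>-?\d+)\s+(?P<type>\S)\s+(?P<path>.+)$"
)

# Hypothetical policy: sensitive path -> process names expected to open it.
EXPECTED = {"/etc/shadow": {"sshd", "login", "passwd", "sudo"}}

def parse_line(line):
    """Return one event as a dict, or None if the line is not an event."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"], rec["fd"] = int(rec["pid"]), int(rec["fd"])
    return rec

def parse(text):
    """Parse all lines, silently skipping anything that does not match."""
    return [r for r in map(parse_line, text.splitlines()) if r]

def unexpected_opens(text, expected=EXPECTED):
    """File opens of a watched path by a process outside its expected set."""
    return [r for r in parse(text)
            if r["type"] == "f" and r["path"] in expected
            and r["proc"] not in expected[r["path"]]]

def opens_by_process(text):
    """Count of open events per process name."""
    return Counter(r["proc"] for r in parse(text))

if __name__ == "__main__":
    for r in unexpected_opens(SAMPLE):
        print(f"ALERT {r['proc']}[{r['pid']}] ({r['user']}) opened {r['path']}")
```

Save the command's output to a file and pass its contents to `unexpected_opens` in place of `SAMPLE`.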


6

dtrace does exist for linux (https://github.com/dtrace4linux) and http://crtags.blogspot.com.


4

Oracle is porting DTrace to linux: https://oss.oracle.com/projects/DTrace/

Don't know whether this only works with their Linux distribution or any other too.

1 Comment

Looks like they've now gone the whole hog: theregister.co.uk/2018/02/19/…

1

Linux has strace/ltrace (see this post about strace). But they aren't really equivalent to DTrace, they just cover a small part of what DTrace can do (actually, DTrace is vastly superior to anything Linux offers).

1 Comment

strace is closer to truss than to dtrace.
