1 # 2 # DTrace OneLiners 3 # 4 5 DTrace One Liners, 6 7 # New processes with arguments, 8 dtrace -n 'proc:::exec-success { trace(curpsinfo->pr_psargs); }' 9 10 # Files opened by process name, 11 dtrace -n 'syscall::open*:entry { printf("%s %s",execname,copyinstr(arg0)); }' 12 13 # Files created using creat() by process name, 14 dtrace -n 'syscall::creat*:entry { printf("%s %s",execname,copyinstr(arg0)); }' 15 16 # Syscall count by process name, 17 dtrace -n 'syscall:::entry { @num[execname] = count(); }' 18 19 # Syscall count by syscall, 20 dtrace -n 'syscall:::entry { @num[probefunc] = count(); }' 21 22 # Syscall count by process ID, 23 dtrace -n 'syscall:::entry { @num[pid,execname] = count(); }' 24 25 # Read bytes by process name, 26 dtrace -n 'sysinfo:::readch { @bytes[execname] = sum(arg0); }' 27 28 # Write bytes by process name, 29 dtrace -n 'sysinfo:::writech { @bytes[execname] = sum(arg0); }' 30 31 # Read size distribution by process name, 32 dtrace -n 'sysinfo:::readch { @dist[execname] = quantize(arg0); }' 33 34 # Write size distribution by process name, 35 dtrace -n 'sysinfo:::writech { @dist[execname] = quantize(arg0); }' 36 37 # Disk size by process ID, 38 dtrace -n 'io:::start { printf("%d %s %d",pid,execname,args[0]->b_bcount); }' 39 40 # Disk size aggregation 41 dtrace -n 'io:::start { @size[execname] = quantize(args[0]->b_bcount); }' 42 43 # Pages paged in by process name, 44 dtrace -n 'vminfo:::pgpgin { @pg[execname] = sum(arg0); }' 45 46 # Minor faults by process name, 47 dtrace -n 'vminfo:::as_fault { @mem[execname] = sum(arg0); }' 48 49 # Interrupts by CPU, 50 dtrace -n 'sdt:::interrupt-start { @num[cpu] = count(); }' 51 52 # CPU cross calls by process name, 53 dtrace -n 'sysinfo:::xcalls { @num[execname] = count(); }' 54 55 # Lock time by process name, 56 dtrace -n 'lockstat:::adaptive-block { @time[execname] = sum(arg1); }' 57 58 # Lock distribution by process name, 59 dtrace -n 'lockstat:::adaptive-block { @time[execname] = quantize(arg1); }' 60 61 # Kernel funtion calls by module 62 dtrace -n 'fbt:::entry { @calls[probemod] = count(); }' 63 64 # Stack size for processes 65 dtrace -n 'sched:::on-cpu { @[execname] = max(curthread->t_procp->p_stksize);}' 66 67 # Kill all top processes when they are invoked, 68 dtrace -wn 'syscall::exece:return /execname == "top"/ { raise(9); }' 69 70 71 72 DTrace Longer One Liners, 73 74 # New processes with arguments and time, 75 dtrace -qn 'syscall::exec*:return { printf("%Y %s\n",walltimestamp,curpsinfo->pr_psargs); }' 76 77 # Successful signal details, 78 dtrace -n 'proc:::signal-send /pid/ { printf("%s -%d %d",execname,args[2],args[1]->pr_pid); }' 79 80 81 82
Indexes created Tue Mar 03 05:31:39 UTC 2026