commands.sh

bpftrace

linux

High-level tracing language for Linux eBPF.

More info →

Options (1)

-V, --versionboolean

Display version

Example: bpftrace {{[-V|--version]}}

Examples (6)

List all available probes

sudo bpftrace -l

Run a one-liner program (e.g. syscall count by program)

sudo bpftrace -e 'tracepoint:raw_syscalls:sys_enter { @[comm] = count(); }'

Run a program from a file

sudo bpftrace path/to/file

Trace a program by PID

sudo bpftrace -e 'tracepoint:raw_syscalls:sys_enter /pid == 123/ { @[comm] = count(); }'

Do a dry run and display the output in eBPF format

sudo bpftrace -d -e 'one_line_program'

Display version

bpftrace [-V|--version]
made by @shridhargupta | data from tldr-pages