Use LTTng . This is a modern Linux graphics kernel (runs on the user's territory) that installs in seconds (available as packages) if you use Ubuntu, Fedora, Arch Linux, Debian or openSUSE. Otherwise, it is still easy to get tarballs and follow the installation procedures.
Tracing
This trace is created:
$ sudo lttng create mySession Session mySession created. Traces will be written in /home/user/lttng-traces/mySession-20120619-103600 $ sudo lttng enable-event -k -a
Then make your usual stuff. All system calls, including ioctl , are recorded / recorded by LTTng with interesting parameters. The trace is written to the directory /home/user/lttng-traces/mySession-20120619-103600 . When you are finished recording, follow these steps:
$ sudo lttng stop Tracing stopped for session mySession $ sudo lttng destroy Session mySession destroyed at /home/ephipro
Although destroy doesn't sound good here, it doesn't actually destroy trace files; it just dumps everything and frees up any file link.
sudo is required everywhere as you track kernel events. You do not want any user to see all system calls and their parameters for obvious security reasons.
Track View
Two main viewers are now available. Babeltrace will provide you with a textual output of all captured events. You can get it with apt-get ( babeltrace ), otherwise just get the latest archive . Then just use grep to extract the ioctl calls from the huge outputs of the Babeltrace dump:
$ sudo babeltrace /home/user/lttng-traces/mySession-20120619-103600 | grep ioctl [10:36:41.795425690] (+0.000001403) sys_ioctl: { 1 }, { fd = 18, cmd = 62981, arg = 0 } [10:36:41.795435996] (+0.000000610) sys_ioctl: { 1 }, { fd = 18, cmd = 2148070920, arg = 139928632507464 } [10:36:41.795573431] (+0.000008840) sys_ioctl: { 1 }, { fd = 18, cmd = 62982, arg = 4096 } [10:36:41.795591089] (+0.000000854) sys_ioctl: { 1 }, { fd = 18, cmd = 62981, arg = 38520960 } [10:36:41.795595956] (+0.000000434) sys_ioctl: { 1 }, { fd = 18, cmd = 2148070920, arg = 139928632507464 } [10:36:41.796125261] (+0.000006110) sys_ioctl: { 1 }, { fd = 18, cmd = 62982, arg = 0 } [10:36:41.796185722] (+0.000000947) sys_ioctl: { 1 }, { fd = 18, cmd = 62981, arg = 38530304 } [10:36:41.796192688] (+0.000000628) sys_ioctl: { 1 }, { fd = 18, cmd = 2148070920, arg = 139928632507464 } [10:36:41.797155511] (+0.000003280) sys_ioctl: { 0 }, { fd = 18, cmd = 62982, arg = 0 } [10:36:41.797202362] (+0.000001995) sys_ioctl: { 0 }, { fd = 18, cmd = 62981, arg = 38529760 } ...
What you see here, at this time an event occurred, the name of the event and all its parameters and values.
Eclipse also has the full LTTng viewer in the Linux Tools plugin project. Simple steps:
- Go to the eclipse.org download page
- As part of the build for developers (until Eclipse Juno is released in a few days), get the Eclipse IDE for C / C ++ developers
- Remove and run it
Starting with Eclipse Juno, Linux tools are built into the Eclipse IDE for C / C ++ developers.
Then you can create a new trace project and import the trace. If you open the Tracing perspective, you will have access to useful views for visualizing events. Here is an example of the Histogram and Event views:
Here I used the Events view to save only ioctl calls, and you can clearly see that the content and timestamps correspond to the Babeltrace output.