-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathstrace_timefork.json
48 lines (48 loc) · 1.63 KB
/
strace_timefork.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
{
"strace_timefork_log" : {
"title" : "Strace with timestmaps and forks",
"description" : "The strace output format with timestamps, forking, and a long string length to avoid truncation. Command example = strace -s 2048 -f -tt -o /path/to/output.file <binary_to_trace>",
"url" : "http://en.wikipedia.org/wiki/Strace",
"regex" : {
"std" : {
"pattern" : "^(?<pid>\\d+)\\s+(?<timestamp>\\d{2}:\\d{2}:\\d{2}\\.\\d{6}) (?<syscall>\\w+)\\((?<body>.*)\\)\\s+=\\s+(?<rc>[-\\w]+)(?: (?<errno>\\w+) \\([^\\)]+\\))?(?: <(?<duration>\\d+\\.\\d+)>)?$"
}
},
"level-field" : "errno",
"level" : {
"error" : ".+"
},
"opid-field" : "pid",
"value" : {
"pid" : {
"kind" : "integer",
"identifier" : true
},
"syscall" : {
"kind" : "string",
"identifier" : true
},
"args" : {
"kind" : "string"
},
"rc" : {
"kind" : "integer"
},
"duration" : {
"kind" : "float"
},
"errno" : {
"kind" : "string",
"identifier" : true
}
},
"sample" : [
{
"line" : "12406 08:09:33.814936 execve(\"/bin/ls\", [\"ls\"], [/* 38 vars */]) = 0 <0.000264>"
},
{
"line" : "7210 08:09:33.815943 access(\"/etc/ld.so.nohwcap\", F_OK) = -1 ENOENT (No such file or directory) <0.000019>"
}
]
}
}