DOT-Files/Gentoo/gentooamd/home/user/.tldrc/tldr/pages/linux/bpftrace.md

# bpftrace

> High-level tracing language for Linux eBPF.
> More information: <https://github.com/bpftrace/bpftrace/blob/master/man/adoc/bpftrace.adoc>.

- List all available probes:

`sudo bpftrace -l`

- Run a one-liner program (e.g. syscall count by program):

`sudo bpftrace -e '{{tracepoint:raw_syscalls:sys_enter { @[comm] = count(); }}}'`

- Run a program from a file:

`sudo bpftrace {{path/to/file}}`

- Trace a program by PID:

`sudo bpftrace -e '{{tracepoint:raw_syscalls:sys_enter /pid == 123/ { @[comm] = count(); }}}'`

- Do a dry run and display the output in eBPF format:

`sudo bpftrace -d -e '{{one_line_program}}'`

- Display version:

`bpftrace {{[-V|--version]}}`
Re-initialze to remove the 1GB binary lmstudio 2025-03-14 21:59:59 -06:00			`# bpftrace`

			`> High-level tracing language for Linux eBPF.`
Automated updated process of shell scripts and DOT Files (gentooamd) 2025-05-08 12:26:01 -06:00			`> More information: <https://github.com/bpftrace/bpftrace/blob/master/man/adoc/bpftrace.adoc>.`
Re-initialze to remove the 1GB binary lmstudio 2025-03-14 21:59:59 -06:00
			`- List all available probes:`

			`sudo bpftrace -l`

			`- Run a one-liner program (e.g. syscall count by program):`

			`sudo bpftrace -e '{{tracepoint:raw_syscalls:sys_enter { @[comm] = count(); }}}'`

			`- Run a program from a file:`

			`sudo bpftrace {{path/to/file}}`

			`- Trace a program by PID:`

			`sudo bpftrace -e '{{tracepoint:raw_syscalls:sys_enter /pid == 123/ { @[comm] = count(); }}}'`

			`- Do a dry run and display the output in eBPF format:`

			`sudo bpftrace -d -e '{{one_line_program}}'`
Automated updated process of shell scripts and DOT Files (gentooamd) 2025-07-24 22:27:13 -06:00
			`- Display version:`

			`bpftrace {{[-V\|--version]}}`