bcc: BPF based kernel analysis utilities

bcc is a collection of tracing and monitoring tools for Linux built around eBPF (Extended Berkeley Packet Filter), an in-kernel VM. BPF is one of the latest mechanisms of its kind built into the kernel (at the time of writing) and is used in networking, tracing, in-kernel optimizations and hardware optimizations. bcc provides both kernel-level and user-level tracing options.

Features

  • kernel instrumentation in C, frontend in Python
  • both static and dynamic tracing available
  • many performance analysis tools included
  • show disk I/O latency histogram
  • trace a single process
  • detect new processes
  • per-interval summaries (e.g. VFS statistics)
  • detect slow ext4 operations
  • view run-queue latency
  • view TCP connections
  • stack profiling and tracing
  • customized tracing
  • trace node.js USDT probes

The utilities in bcc can replace many of the regular kernel and user-space utilities. As the stats come directly from the kernel, the data is near real-time too.
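To illustrate the "kernel instrumentation in C, frontend in Python" split and the "detect new processes" feature listed above, here is an added example (not code from the bcc project or from the original post) that reports every successful execve, the kind of process-start feed a defender would send to detection tooling. It assumes the bcc Python bindings are installed and that the script runs as root; the names trace_execve_ret, Event and decode_event are made up for this example.

```python
import ctypes

# Kernel side: restricted C, compiled by bcc and run inside the eBPF VM.
BPF_TEXT = r"""
#include <linux/sched.h>

struct event_t { u32 pid; u32 uid; char comm[TASK_COMM_LEN]; };
BPF_PERF_OUTPUT(events);

int trace_execve_ret(struct pt_regs *ctx) {
    if (PT_REGS_RC(ctx) != 0)
        return 0;                                  /* execve failed: no new program */
    struct event_t ev = {};
    ev.pid = bpf_get_current_pid_tgid() >> 32;     /* upper half = user-visible PID */
    ev.uid = bpf_get_current_uid_gid() & 0xffffffff;
    bpf_get_current_comm(&ev.comm, sizeof(ev.comm));
    events.perf_submit(ctx, &ev, sizeof(ev));
    return 0;
}
"""

class Event(ctypes.Structure):
    """User-space mirror of struct event_t (TASK_COMM_LEN is 16)."""
    _fields_ = [("pid", ctypes.c_uint32),
                ("uid", ctypes.c_uint32),
                ("comm", ctypes.c_char * 16)]

def decode_event(raw):
    """Decode one raw perf-buffer record; the record may carry trailing padding."""
    ev = Event.from_buffer_copy(raw[:ctypes.sizeof(Event)])
    return {"pid": ev.pid, "uid": ev.uid,
            "comm": ev.comm.decode("utf-8", "replace")}

def main():
    from bcc import BPF  # imported lazily: needs bcc installed and root privileges
    b = BPF(text=BPF_TEXT)
    # Hook the syscall's return so comm already names the newly executed program.
    b.attach_kretprobe(event=b.get_syscall_fnname("execve"),
                       fn_name="trace_execve_ret")

    def on_event(cpu, data, size):
        ev = decode_event(ctypes.string_at(data, size))
        print("%-7d %-6d %s" % (ev["pid"], ev["uid"], ev["comm"]))

    b["events"].open_perf_buffer(on_event)
    print("%-7s %-6s %s" % ("PID", "UID", "COMM"))
    while True:
        b.perf_buffer_poll()

if __name__ == "__main__":
    main()
```

Because the probe fires on return from execve, short-lived processes that a polling tool would miss still produce an event.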

Installation

Many utilities in bcc need at least kernel 4.1 to function properly.

Instructions to install bcc on Ubuntu, Fedora and Arch can be found here. Note that BPF needs to be enabled in the kernel to support bcc utilities.

Rating

Features: 4.5/5
Usability: intended for advanced users and developers

Webpage: bcc
