So I wanted to play a bit with Systemtap on Debian Jessie.
I installed it:
sudo apt-get install systemtap
Afterwards I wanted to run a quick one-liner:
fx@cloudhawk:~$ stap -L 'nd_syscall.*'
Checking "/lib/modules/3.16.0-4-amd64/build/.config" failed with error: No such file or directory
Tip: /usr/share/doc/systemtap/README.Debian should help you get started.
It failed, but hey, at least it provided a clue – the README.Debian
file.
So I looked at the provided doc in /usr/share/doc/systemtap/README.Debian
.
I mean, you would imagine that this would be the best place to look for tips on how to get it running.
To quote it:
To use systemtap you need to
manually install the linux-image-*-dbg and linux-header-* packages
that match your running kernel. To simplify this task you can use the
stap-prep command. Please always run this before reporting a bug.
Then it goes on talking about using vim-addon-manager
which makes no sense to me.
But ok, so far so good, the doc suggests to run stap-prep
.
fx@cloudhawk:~$ sudo stap-prep
/usr/bin/stap-prep: line 30: rpm: command not found
What the hell? RPM??? Crazy.
And if you look at the script, what it wants to do is to use yum
to install the dependencies.
Looks as if someone @Debian just blindly took this from RedHat/Centos.
But all you actually need to get Systemtap going on Debian is to do:
sudo apt-get install systemtap linux-image-`uname -r`-dbg linux-headers-`uname -r`
As simple as that.
Now it works:
fx@cloudhawk:~$ sudo stap -L 'nd_syscall.*'|head -n 5
nd_syscall.accept sockfd:long addr_uaddr:long addrlen_uaddr:long name:string argstr:string
nd_syscall.accept4 sockfd:long addr_uaddr:long addrlen_uaddr:long flags:long name:string flags_str:string argstr:string
nd_syscall.access name:string pathname:string mode:long mode_str:string argstr:string
nd_syscall.acct name:string filename:string argstr:string
nd_syscall.add_key name:string type_uaddr:long description_uaddr:long payload_uaddr:long plen:long ringid:long argstr:string