syscount - count system calls. Uses Linux perf_events.

       Brendan Gregg

       This is a proof-of-concept using perf_events capabilities for older kernel versions, that lack custom in-
       kernel  aggregations.  Once  they  exist,  this script can be substantially rewritten and improved (lower
       overhead).

       Trace and summarize syscalls by process name:
              # syscount

       Trace and summarize syscalls by syscall name (lower overhead):
              # syscount-c

       Trace for 5 seconds, showing by process name:
              # syscount-d5

       Trace PID 932 only, and show by syscall name (lower overhead):
              # syscount-cp923

       Execute the """ls""" command, and show by syscall name:
              # syscount-cls

       PID    Process ID.

       COMM   Process command name.

       SYSCALL
              Syscall name.

       COUNT  Number of syscalls during tracing.

       syscount - count system calls. Uses Linux perf_events.

       -c     Show counts by syscall name. This mode (without  -v)  uses  in-kernel  counts,  which  have  lower
              overhead than the default mode.

       -h     Usage message.

       -v     Verbose: include PID.

       -p PID Trace this process ID only.

       -d seconds
              Duration of trace in seconds.

       command
              Run and trace this command.

       Linux

       Modes  that  report  syscall  names  only (-c, -cp PID, -cd secs) have lower overhead, since they use in-
       kernel counts. Other modes which report process IDs (-cv) or process names (default) create  a  perf.data
       file  for  post  processing, and you will see messages about it doing this. Beware of the file size (test
       for short durations, or use -c to see counts based on in-kernel counters), and gauge overheads  based  on
       the perf.data size.

       Note  that  this  script  delibrately  does  not  pipe  perf  record  into perf script, which would avoid
       perf.data, because it can create a feedback loop where the perf script syscalls are  recorded.  Hopefully
       there  will  be  a  fix  for  this  in a later perf version, so perf.data can be skipped, or other kernel
       features to aggregate by process name in-kernel directly (eg, via eBPF, ktap, or SystemTap).

       Linux perf_events: add linux-tools-common, run "perf", then add any additional packages it requests. Also
       needs awk.

iosnoop(8), iolatency(8), iostat(1)

USER COMMANDS                                      2014-07-07                                        syscount(8)

       This is from the perf-tools collection.

              https://github.com/brendangregg/perf-tools

       Also look under the examples directory for a text file containing example usage, output,  and  commentary
       for this tool.

       Unstable - in development.

syscount [-chv] [-t top] {-p PID|-d seconds|command}