The Linux Trace Toolkit (LTT) is a set of tools that is designed to log program execution details from a patched Linux kernel and then perform various analyses on them, using console-based and graphical tools. LTT has been mostly superseded by its successor LTTng (Linux Trace Toolkit Next Generation).
LTT allows the user to see in-depth information about the processes that were running during the trace period, including when context switches occurred, how long the processes were blocked for, and how much time the processes spent executing vs. how much time the processes were blocked. The data is logged to a text file and various console-based and graphical (GTK+) tools are provided for interpreting that data.
In order to do data collection, LTT requires a patched Linux kernel. The authors of LTT claim that the performance hit for a patched kernel compared to a regular kernel is minimal; Their testing has reportedly shown that this is less than 2.5% on a "normal use" system (measured using batches of kernel makes) and less than 5% on a file I/O intensive system (measured using batches of tar).
Contents |
Starting data collection is as easy as:
trace 15 foo
This command will cause the LTT tracedaemon to do a trace that lasts for 15 seconds, writing trace data to foo.trace
and process information from the /proc
filesystem to foo.proc
.
The trace
command is actually a script which runs the program tracedaemon
with some common options. It is possible to run tracedaemon
directly and in that case, the user can use a number of command-line options to control the data which is collected. For the complete list of options supported by tracedaemon
, see the online manual page for tracedaemon.
Viewing the results of a trace can be accomplished with:
traceview foo
This command will launch a graphical (GTK+) traceview
tool that will read from foo.trace
and foo.proc
. This tool can show information in various interesting ways, including Event Graph, Process Analysis, and Raw Trace. The Event Graph is perhaps the most interesting view, showing the exact timing of events like page faults, interrupts, and context switches, in a simple graphical way.
The traceview
command is a wrapper for a program called tracevisualizer
. For the complete list of options supported by tracevisualizer
, see the online manual page for tracevisualizer.
|