What is SystemTap?
SystemTap provides an environment for gathering information about almost any component within the kernel so that it can be analysed further. In other words, SystemTap is a tool that lets a user study and monitor the activities of the kernel in detail.
What do we need to run SystemTap?
The following packages are needed to run SystemTap on a system:
- kernel-debuginfo
- kernel-debuginfo-common
- kernel-devel
- systemtap-runtime
- gcc
How to run SystemTap?
SystemTap scripts are run through the command stap. stap can run SystemTap scripts from standard input or from a file.
Running SystemTap requires root privileges, so not every user can run it. To allow other users to run SystemTap without root access, add them to one of these user groups: "stapdev", "stapusr".
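Both prerequisites above, the package list and the stapdev/stapusr groups, can be checked with a short script. This is an added example, not part of the original page: the function names and sample data are constructed for illustration, and the package names are used exactly as listed above.

```shell
#!/bin/sh
# Added example: SystemTap preflight and access audit (not from the original page).

# Package names exactly as the page lists them; adjust if your
# distribution names them differently.
STAP_PACKAGES="kernel-debuginfo kernel-debuginfo-common kernel-devel systemtap-runtime gcc"

# stdin: installed package names, one per line.
# stdout: every required package that is not installed.
missing_stap_packages() {
    installed=$(cat)
    for pkg in $STAP_PACKAGES; do
        # -x matches the whole line, so kernel-debuginfo-common does not
        # satisfy the check for kernel-debuginfo.
        printf '%s\n' "$installed" | grep -qxF -- "$pkg" || printf '%s\n' "$pkg"
    done
}

# stdin: lines in group(5) format (name:passwd:gid:member,member,...).
# stdout: "group:user" for each listed member of stapdev or stapusr.
# Users whose primary group is one of these are not in field 4 and are not shown.
stap_group_members() {
    awk -F: '($1 == "stapdev" || $1 == "stapusr") && $4 != "" {
        n = split($4, users, ",")
        for (i = 1; i <= n; i++) print $1 ":" users[i]
    }'
}

# Constructed sample input so the example runs offline.
sample_packages() { printf '%s\n' kernel-devel gcc systemtap-runtime bash; }
sample_groups() {
    cat <<'EOF'
root:x:0:
wheel:x:10:alice
stapusr:x:156:bob,carol
stapdev:x:158:alice
EOF
}

# On a live RPM-based host, feed real data instead:
#   rpm -qa --qf '%{NAME}\n' | missing_stap_packages
#   getent group stapdev stapusr | stap_group_members

echo "Missing packages:"
sample_packages | missing_stap_packages
echo "Users who can run SystemTap without root:"
sample_groups | stap_group_members
```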
How does SystemTap work?
It runs in the following fashion:
- First, SystemTap checks the script against the existing tapset library for any tapsets used. SystemTap will then add any located tapsets with their corresponding definitions in the tapset library.
- SystemTap then translates the script to C, running the system C compiler to create a kernel module from it.
- SystemTap loads the module, then enables all the probes (events and handlers) in the script.
- As the events occur, their corresponding handlers are executed.
- Once the SystemTap session is terminated, the probes are disabled, and the kernel module is unloaded.
In short, when we run SystemTap, it builds a kernel module out of the script and then loads that module into the kernel. Once this is done, the kernel allows it to extract the specified data directly from the kernel.
For more information on SystemTap, see: https://sourceware.org/systemtap/