lindi3:~$ sudo apt-get install systemtap
# Now, that was easy! Let's try to use it:
lindi3:~$ stap -e 'probe syscall.open { printf("%s\n", argstr); }'
Checking "/lib/modules/2.6.32-5-amd64/build/.config" failed: No such file or directory
Ensure kernel development headers & makefiles are installed.
# Hmm. Since we have
lindi3:~$ uname -r
2.6.32-5-amd64
# we probably should install
lindi3:~$ sudo apt-get install linux-headers-2.6.32-5-amd64
# Let's try again:
lindi3:~$ stap -e 'probe syscall.open { printf("%s\n", argstr); }'
semantic error: no match while resolving probe point syscall.open
Pass 2: analysis failed. Try again with another '--vp 01' option.
# Apparently we should install debug symbols too:
lindi3:~$ sudo apt-get install linux-image-2.6.32-5-amd64-dbg
# Better?
lindi3:~$ stap -e 'probe syscall.open { printf("%s\n", argstr); }'
sh: make: not found
Pass 4: compilation failed. Try again with another '--vp 0001' option.
# Ah, let's install make:
lindi3:~$ sudo apt-get install make
# Now?
lindi3:~$ stap -e 'probe syscall.open { printf("%s\n", argstr); }'
sh: /usr/bin/staprun: Permission denied
Pass 5: run failed. Try again with another '--vp 00001' option.
# Hmm? Fortunately "man stap" tells us about "stapusr" and "stapdev" groups:
lindi3:~$ id
uid=548(lindi) gid=500(kurp) groups=500(kurp),20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev)
lindi3:~$ sudo adduser lindi stapusr
lindi3:~$ logout
lindi3:~$ id
uid=548(lindi) gid=500(kurp) groups=500(kurp),20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev),120(stapusr)
lindi3:~$ stap -e 'probe syscall.open { printf("%s\n", argstr); }'
ERROR: Unable to verify the signature for the module /tmp/stapWvw2Hx/stap_7d3a00864b11ea4df38c275069f79aed_16976.ko.
Members of the "stapusr" group can only use unsigned modules within the "/lib/modules/2.6.32-5-amd64/systemtap" directory.
Unable to canonicalize that directory: No such file or directory
Pass 5: run failed. Try again with another '--vp 00001' option.
lindi3:~$ sudo adduser lindi stapdev
lindi3:~$ stap -e 'probe syscall.open { printf("%s\n", argstr); }'
ERROR: Build-id mismatch: "kernel" vs. "vmlinux-2.6.32-5-amd64" byte 0 (0x4a vs 0xb4)
Pass 5: run failed. Try again with another '--vp 00001' option.
# What? Apparently we are running 2.6.32-35 but the debug symbols are
# for 2.6.32-39. Need to upgrade kernel and reboot to it:
lindi3:~$ cat /proc/version
Linux version 2.6.32-5-amd64 (Debian 2.6.32-35) (dannf@debian.org) (gcc version 4.3.5 (Debian 4.3.5-4) ) #1 SMP Tue Jun 14 09:42:28 UTC 2011
lindi3:~$ dpkg-query -W linux-image-2.6.32-5-amd64
linux-image-2.6.32-5-amd64 2.6.32-35
lindi3:~$ dpkg-query -W linux-image-2.6.32-5-amd64-dbg
linux-image-2.6.32-5-amd64-dbg 2.6.32-39
lindi3:~$ sudo apt-get upgrade
...
Preparing to replace linux-image-2.6.32-5-amd64 2.6.32-35 (using .../linux-image-2.6.32-5-amd64_2.6.32-39_amd64.deb) ...
....
lindi3:~$ sudo reboot
lindi3:~$ stap -e 'probe syscall.open { printf("%s\n", argstr); }'
, O_RDONLY
"/etc/ld.so.cache", O_RDONLY
"/usr/lib/liblockfile.so.1", O_RDONLY
"/lib/libc.so.6", O_RDONLY
"/etc/ld.so.cache", O_RDONLY
"/lib/libc.so.6", O_RDONLY
"/var/run/ntpd.pid", O_RDONLY
"/etc/ld.so.cache", O_RDONLY
...
# Finally works!
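
The five failures in the session above can be checked for before the first stap run; the following script is an added example, not part of the original session. The function names are hypothetical, and the /proc/version parser assumes the "(Debian <version>)" layout shown in the session.

```shell
#!/bin/sh
# Added example: pre-flight check for the failures seen in the session above.
# pkg_version, running_pkg_version and stap_check are hypothetical names.

# Installed version of a Debian package, empty if it is not installed.
pkg_version() { dpkg-query -W -f='${Version}' "$1" 2>/dev/null || true; }

# Package version of the *running* kernel, parsed from /proc/version text.
# Anchored at the start so the later "(Debian 4.3.5-4)" gcc field is ignored.
running_pkg_version() {
    printf '%s\n' "$1" | sed -n 's/^Linux version [^ ]* (Debian \([^)]*\)).*/\1/p'
}

# stap_check KREL HDR_VER RUNNING_VER DBG_VER HAVE_MAKE GROUP_LIST
# Prints one line per problem, in the order the session hit them.
# Returns 0 when nothing is wrong, 1 otherwise.
stap_check() {
    krel=$1 hdr=$2 run=$3 dbg=$4 have_make=$5 grp=$6 bad=0
    [ -n "$hdr" ] || { echo "headers: install linux-headers-$krel"; bad=1; }
    [ -n "$dbg" ] || { echo "debuginfo: install linux-image-$krel-dbg"; bad=1; }
    [ "$have_make" = yes ] || { echo "make: install make"; bad=1; }
    # stapdev lets a user load modules built from their own scripts, which is
    # root-equivalent; stapusr alone is limited to the per-kernel directory.
    case " $grp " in
        *" stapdev "*) ;;
        *" stapusr "*) echo "groups: stapusr only, modules must be in /lib/modules/$krel/systemtap"; bad=1 ;;
        *) echo "groups: not in stapusr or stapdev, staprun will be denied"; bad=1 ;;
    esac
    # The installed image can be newer than the kernel that is still running,
    # so compare the running version, not the installed one, with the -dbg package.
    if [ -n "$dbg" ] && [ "$run" != "$dbg" ]; then
        echo "build-id: running kernel is $run, debug symbols are $dbg"; bad=1
    fi
    return $bad
}

# Gather the facts from this machine and report.
krel_now=$(uname -r)
make_now=no; command -v make >/dev/null 2>&1 && make_now=yes
stap_check "$krel_now" "$(pkg_version "linux-headers-$krel_now")" \
    "$(running_pkg_version "$(cat /proc/version 2>/dev/null)")" \
    "$(pkg_version "linux-image-$krel_now-dbg")" "$make_now" "$(id -Gn)" \
    || echo "fix the items above before running stap"
```

Group changes made with adduser only show up in `id -Gn` after logging in again, as in the session.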