Demonstrations of killsnoop, the Linux eBPF/bcc version.


This traces signals sent via the kill() syscall. For example:

# ./killsnoop
TIME      PID    COMM             SIG  TPID   RESULT
12:10:51  13967  bash             9    13885  0
12:11:34  13967  bash             9    1024   -3
12:11:41  815    systemd-udevd    15   14076  0

The first line showed a SIGKILL (9) sent from PID 13967 (a bash shell) to
PID 13885. The result, 0, means success.

The second line showed the same signal sent, this time resulting in a -3
(ESRCH: no such process).
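
When reviewing saved killsnoop output, it helps to decode the SIG and RESULT columns automatically. The following is an added example, not part of killsnoop or bcc: it parses the column layout shown above, names each signal, and treats a negative RESULT as a negated errno, as the -3/ESRCH case implies. The sample rows are constructed, and the function names are this example's own.

```python
import errno
import signal

# Constructed sample in the column layout shown above (not captured output).
# The last row is invented to exercise a COMM that contains a space.
SAMPLE = """\
TIME      PID    COMM             SIG  TPID   RESULT
12:10:51  13967  bash             9    13885  0
12:11:34  13967  bash             9    1024   -3
12:11:41  815    systemd-udevd    15   14076  0
12:12:02  2210   Web Content      0    2209   -1
"""

def parse_line(line):
    """Split one killsnoop row into a dict; None for header or malformed lines."""
    head = line.split(None, 2)                     # TIME, PID, remainder
    tail = head[2].rsplit(None, 3) if len(head) == 3 else []
    if len(tail) != 4:                             # COMM may contain spaces
        return None
    try:
        return {"time": head[0], "pid": int(head[1]), "comm": tail[0],
                "sig": int(tail[1]), "tpid": int(tail[2]), "result": int(tail[3])}
    except ValueError:                             # header row: "PID" is not a number
        return None

def describe(ev):
    """Name the signal and decode a negative RESULT as -errno."""
    try:
        signame = signal.Signals(ev["sig"]).name
    except ValueError:                             # 0 is the null signal, not a real one
        signame = "0 (existence probe)" if ev["sig"] == 0 else str(ev["sig"])
    res = ev["result"]
    outcome = "ok" if res == 0 else errno.errorcode.get(-res, "errno %d" % -res)
    return signame, outcome

def review(text):
    """Return (time, pid, comm, signal, tpid, outcome) for every parsed row."""
    rows = []
    for line in text.splitlines():
        ev = parse_line(line)
        if ev:
            sig, outcome = describe(ev)
            rows.append((ev["time"], ev["pid"], ev["comm"], sig, ev["tpid"], outcome))
    return rows

if __name__ == "__main__":
    for row in review(SAMPLE):
        print(*row, sep="  ")
```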


USAGE message:

# ./killsnoop -h
usage: killsnoop [-h] [-x] [-p PID]

Trace signals issued by the kill() syscall

optional arguments:
  -h, --help         show this help message and exit
  -x, --failed       only show failed kill syscalls
  -p PID, --pid PID  trace this PID only

examples:
    ./killsnoop           # trace all kill() signals
    ./killsnoop -x        # only show failed kills
    ./killsnoop -p 181    # only trace PID 181