traceloop
The traceloop gadget is a syscalls flight recorder.
Getting started
Running the gadget:
- kubectl gadget
- ig
Unsupported
$ sudo ig run ghcr.io/inspektor-gadget/gadget/traceloop:v0.39.0 [flags]
Guide
First, we need to run an application that generates some events.
- kubectl gadget
- ig
Unsupported
$ docker run -it --rm --name test-traceloop busybox /bin/sh
Then, let's run the gadget:
- kubectl gadget
- ig
Unsupported
$ sudo ig run traceloop:v0.39.0 --containername test-traceloop
RUNTIME.CONTAINERNAME CPU PID COMM SYSCALL PARAMETERS RET
Now, let's generate some events:
- kubectl gadget
- ig
Unsupported
Run a command inside the container:
/ # ls
Let's collect the syscalls:
- kubectl gadget
- ig
Unsupported
Press Ctrl+C to collect the syscalls:
$ sudo ig run traceloop:v0.39.0 --containername test-traceloop
RUNTIME.CONTAINERNAME CPU PID COMM SYSCALL PARAMETERS RET
...
test-traceloop 5 58054 sh execve filename="/bin/ls", a… 0
test-traceloop 5 58054 ls brk brk=0 102559763509…
test-traceloop 5 58054 ls mmap addr=0, len=8192, pro… 123786398932…
test-traceloop 5 58054 ls access filename="/etc/ld.so.… -1 (Permissi…
...
test-traceloop 5 58054 ls write fd=1, buf="\x1b[1;34m… 201
test-traceloop 5 58054 ls exit_group error_code=0 X
...
Finally, clean the system:
- kubectl gadget
- ig
Unsupported
$ docker rm -f test-traceloop
Limitations
This gadget has the following limitations:
- It cannot be run in kubernetes context.
- Timestamps are not filled on kernel older than 5.7.