explaingit

brendangregg/perf-tools

10,428ShellAudience · ops devopsComplexity · 3/5Setup · moderate

TLDR

A collection of Linux shell scripts by Brendan Gregg for observing system performance in real time, tracking disk I/O, file opens, process starts, and more using built-in kernel tracing.

Mindmap

mindmap
  root((repo))
    What it does
      Linux performance tracing
      Real-time observability
      Kernel-level insights
    Tools
      iosnoop disk IO
      execsnoop processes
      opensnoop file access
      TCP retransmit tracer
    How it works
      ftrace kernel feature
      perf events
      Shell scripts
    Audience
      Linux sysadmins
      DevOps engineers
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Find out which files your app is opening and how fast disk reads and writes are taking on a live Linux system.

USE CASE 2

Track every process that starts on a server in real time, including its full command-line arguments.

USE CASE 3

Measure disk I/O latency with a histogram to determine whether slow performance is caused by storage bottlenecks.

USE CASE 4

Debug network issues by tracing TCP retransmissions happening live on a running Linux server.

Tech stack

ShellLinuxftraceperf_events

Getting it running

Difficulty · moderate Time to first run · 30min

Requires ftrace enabled in the Linux kernel and debugfs mounted, some tools also need the perf package installed separately.

In plain English

perf-tools is a collection of shell scripts for measuring performance on Linux systems, created by Brendan Gregg, a well-known author in the systems performance field. The tools are built on top of two tracing systems that come built into the Linux kernel: ftrace and perf_events. These kernel features let you observe what the operating system is doing at a low level, such as which functions are being called, how long disk operations take, and which processes are starting or stopping. The individual tools each do one specific job. For example, iosnoop shows disk I/O operations as they happen with timing details, iolatency produces a histogram showing how long disk reads and writes take, execsnoop reports every new process that starts along with its command-line arguments, and opensnoop tracks which files are being opened and by which processes. There are also tools for counting kernel function calls, tracing network TCP retransmissions, measuring cache hit and miss rates, and inspecting signals sent between processes. The tools are designed to work on Linux 3.2 and newer kernels with minimal dependencies. Most require the kernel to have ftrace enabled, which many distributions include by default. Some also require the perf command, available as a package on most Linux distributions, and a mounted debugfs filesystem. A few tools mention using eBPF as a future direction for more capable versions. The collection is described as in-development and unsupported. Many tools include workarounds for limitations in existing kernels and come with caveats documented in their manual pages. The README includes multiple example outputs showing what each tool prints when run on a real system.

Copy-paste prompts

Prompt 1
I want to find out which files a specific process is reading on my Linux server. Help me run the opensnoop tool from brendangregg/perf-tools and filter output by process ID.
Prompt 2
Show me how to use iolatency from brendangregg/perf-tools to generate a histogram of disk I/O latency and interpret what the results mean.
Prompt 3
My server is slow. Help me use execsnoop from brendangregg/perf-tools to identify runaway processes that are spawning too frequently.
Prompt 4
Walk me through setting up brendangregg/perf-tools on a fresh Ubuntu server, what kernel features and packages do I need to enable or install first?
Open on GitHub → Explain another repo

← brendangregg on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.