Linux Trace Toolkit
This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these template messages)(Learn how and when to remove this template message)
The Linux Trace Toolkit (LTT) is a set of tools that is designed to log program execution details from a patched Linux kernel and then perform various analyses on them, using console-based and graphical tools. LTT has been mostly superseded by its successor LTTng (Linux Trace Toolkit Next Generation).
LTT allows the user to see in-depth information about the processes that were running during the trace period, including when context switches occurred, how long the processes were blocked for, and how much time the processes spent executing vs. how much time the processes were blocked. The data is logged to a text file and various console-based and graphical (GTK+) tools are provided for interpreting that data.
In order to do data collection, LTT requires a patched Linux kernel. The authors of LTT claim that the performance hit for a patched kernel compared to a regular kernel is minimal; Their testing has reportedly shown that this is less than 2.5% on a "normal use" system (measured using batches of kernel makes) and less than 5% on a file I/O intensive system (measured using batches of tar).
Collecting trace data
Data collection is Started by:
trace 15 foo
This command will cause the LTT tracedaemon to do a trace that lasts for 15 seconds, writing trace data to
foo.trace and process information from the
/proc filesystem to
trace command is actually a script which runs the program
tracedaemon with some common options. It is possible to run
tracedaemon directly and in that case, the user can use a number of command-line options to control the data which is collected. For the complete list of options supported by
tracedaemon, see the online manual page for tracedaemon.
Viewing the results
Viewing the results of a trace can be accomplished with:
This command will launch a graphical (GTK+)
traceview tool that will read from
foo.proc. This tool can show information in various interesting ways, including Event Graph, Process Analysis, and Raw Trace. The Event Graph is perhaps the most interesting view, showing the exact timing of events like page faults, interrupts, and context switches, in a simple graphical way.
traceview command is a wrapper for a program called
tracevisualizer. For the complete list of options supported by
tracevisualizer, see the online manual page for tracevisualizer.