new file mode 100755
@@ -0,0 +1,34 @@
+#!/usr/bin/env python3
+
+"""
+SPDX-License-Identifier: CC-BY-4.0
+
+Copyright (C) 2021, VMware, Tzvetomir Stoyanov <tz.stoyanov@gmail.com>
+"""
+
+import sys
+import tracecruncher.ftracepy as ft
+
+args = len(sys.argv)
+if args < 2:
+ print('Usage: ', sys.argv[0],
+ ' [PROCESS ID 1] ... [PROCESS ID n]; print all system calls of given processes')
+ sys.exit(1)
+
+# Create new Ftrace instance to work in.
+inst = ft.create_instance(tracing_on=False)
+
+# Enable all static events from system calls.
+ft.enable_events(instance=inst, systems=['syscalls'], events=[['all']])
+
+# Filter system calls only for the desired PIDs
+for i in range(1, args):
+ ft.set_event_pid(instance=inst, pid=int(sys.argv[i]))
+# Also, track system calls for the children
+ft.enable_option(instance=inst, option="event-fork")
+
+# Enable tracing
+ft.tracing_ON(instance=inst)
+
+# Read and print traced events, until <ctrl-c> is pressed.
+ft.read_trace(instance=inst)
New trace-cruncher example script dumps all system calls of given process and its children. Signed-off-by: Tzvetomir Stoyanov (VMware) <tz.stoyanov@gmail.com> --- examples/trace_syscalls.py | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100755 examples/trace_syscalls.py