Yeah, data mining techniques may be relevant given the huge trace sizes that we can get. Trace reduction techniques, algorithms to index data. One of the things that is particular to trace analysis is the temporal nature of events, which may lead to something...
You're right, we can analyse abnormal situations with tracing. For example, if you have a trace of a system with correct behavior and one with a malware, it could be possible to do a "trace diff" and see what's different. As you may expect, this is not a trivial diff!
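An added example of the "trace diff" idea above (not code from the comments or from LTTng): it compares event-type frequencies and event bigrams of a constructed baseline trace against a constructed suspect trace, reporting the event types and sequences that only the suspect trace shows. The text format is a simplified, assumed LTTng-like layout, not the real one.

```python
# Added example, not part of the original discussion: a minimal "trace diff".
# The trace format below is a constructed, simplified LTTng-like text layout.
from collections import Counter
BASELINE_TRACE = """\
[10.000001] sys_open pid=1201 filename="/etc/hosts"
[10.000050] sys_read pid=1201 fd=3
[10.000090] sys_close pid=1201 fd=3
[10.001200] sys_open pid=1201 filename="/etc/resolv.conf"
[10.001230] sys_read pid=1201 fd=3
[10.001260] sys_close pid=1201 fd=3
"""

SUSPECT_TRACE = """\
[20.000001] sys_open pid=1340 filename="/etc/hosts"
[20.000050] sys_read pid=1340 fd=3
[20.000090] sys_close pid=1340 fd=3
[20.003000] sys_open pid=1340 filename="/etc/passwd"
[20.003040] sys_read pid=1340 fd=3
[20.003100] sys_connect pid=1340 fd=4
[20.003200] sys_write pid=1340 fd=4
[20.003300] sys_close pid=1340 fd=3
"""

def parse_events(text):
    """Return the ordered event names of a trace in the constructed format."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0].startswith("["):
            events.append(parts[1])
    return events

def ngrams(events, n):
    """Count length-n event sequences, which capture the temporal ordering."""
    return Counter(tuple(events[i:i + n]) for i in range(len(events) - n + 1))

def trace_diff(baseline_text, suspect_text, n=2):
    """Report what the suspect trace contains that the baseline never shows."""
    base, susp = parse_events(baseline_text), parse_events(suspect_text)
    base_seqs, susp_seqs = ngrams(base, n), ngrams(susp, n)
    base_freq, susp_freq = Counter(base), Counter(susp)
    # Per-event frequency shift, normalised by trace length for comparability.
    shift = {name: susp_freq[name] / len(susp) - base_freq[name] / len(base)
             for name in set(base_freq) | set(susp_freq)}
    return {
        "new_events": sorted(set(susp) - set(base)),
        "new_sequences": sorted(s for s in susp_seqs if s not in base_seqs),
        "frequency_shift": shift,
    }
```

On a real trace the same idea works over millions of events, which is exactly where the indexing and reduction techniques mentioned above become necessary.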
Trace points in the kernel are available, and this is great, but there is much more to it than that. You need a good lock-less ring buffer to not impact performance, and all the infrastructure for this. For example, you can't do flight recording with perf, and its impact on performance is greater due to less sophisticated ring buffers.
Binary packages are easy to install, that's it. I don't know of other LTTng integration inside a distro. If you prefer patching your own kernel and compiling the tools from the git repository, you're free to do it.
With DTrace, you have to know what you are looking for in advance, while LTTng can trace in the background in flight recording mode and record everything that is going on. Then, afterwards, you can have all the information you need, and this is invaluable when you have a hard-to-reproduce bug!
We have been waiting for decent kernel tracing for a decade, while LTTng is readily available today. It's better than any other tool like perf, ftrace and DTrace. Microsoft Windows has had Event Tracing for Windows since 2003, and if Linux wants to be taken seriously, it has to be mainline and available without kernel patching. And I think that users should not need to be experts to use that kind of tool.
Kernel tracing instrumentation is ready; now we need decent analysis tools. The problem is that there is so much data that it's hard to interpret it. For the project, I have to come up with something that is new and better than what is already known.
For example, we could get a better analysis than bootchart, or auto-detect bottlenecks in a system (disk, CPU, memory, network, etc.). There is some work done to integrate userspace and kernel space tracing, virtual machine and host traces, dynamic and static trace points. For a distro, they could record a trace in the background and send this information along with the core dump when an application crash occurs. Those are all ideas!
The reason is that I would like to make my research useful for tracing users, and I think the best way to do it is to ask people what they really need. I will give credit to those who helped me, why not? ;-)
It's getting there, we can be happy about that!
You are right. Linux is taken seriously. And it just can be better with LTT.
Event Tracing for Windows is great, and they have done a good job on this.
You're right, Linux is already taken seriously. It just can be even better. Happy to know that you too are contributing to this.
Great, thanks for this tip!
Really, he doesn't care. I wish he would care about this core feature.