Documentation made easier
probe::syscall_any − Record entry into a syscall
syscall_any
name
name of the syscall
syscall_nr
number of the syscall
The process performing the syscall
The syscall_any probe point is designed to be a low overhead that monitors all the syscalls entered via a kernel tracepoint. Because of the breadth of syscalls it monitors it provides no information about the syscall arguments or argstr string representation of those arguments.
This requires kernel 3.5+ and newer which have the kernel.trace(“sys_enter”) probe point.
tapset::syscall_any(3stap)