You can use the static rules filter to track or filter events for all classes, certain events in a class, or even events related to specific process and thread IDs. You can select events in an additive or subtractive manner; you can start with no events, and then add specific classes or events, or you can start with all events, and then exclude specific ones.
The static rules filter is the best, most efficient method of data reduction. It generally frees up the processor while significantly reducing the data rate. This filter is also useful for gathering large amounts of data periodically, or after many hours of logging without generating gigabytes of data in the interim.
You set up this filter using the following TraceEvent() commands:
TraceEvent(_NTO_TRACE_ADDALLCLASSES); TraceEvent(_NTO_TRACE_DELALLCLASSES);
TraceEvent(_NTO_TRACE_ADDCLASS, class): TraceEvent(_NTO_TRACE_DELCLASS, class):
For information about the different classes, see "Classes and events" in the Events and the Kernel chapter of this guide.
TraceEvent(_NTO_TRACE_ADDEVENT, class, event); TraceEvent(_NTO_TRACE_DELEVENT, class, event);
TraceEvent(_NTO_TRACE_SETCLASSPID, int class, pid_t pid); TraceEvent(_NTO_TRACE_CLRCLASSPID, int class);
TraceEvent(_NTO_TRACE_SETCLASSTID, int class, pid_t pid, tid_t tid); TraceEvent(_NTO_TRACE_CLRCLASSTID, int class);
TraceEvent(_NTO_TRACE_SETEVENTPID, int class, int event, pid_t pid); TraceEvent(_NTO_TRACE_CLREVENTPID, int class, int event);
TraceEvent(_NTO_TRACE_SETEVENTTID, int class, int event, pid_t pid, tid_t tid); TraceEvent(_NTO_TRACE_CLREVENTTID, int class, int event);
The instrumented kernel retains these settings, so you should be careful not to make any assumptions about the settings that are in effect when you set up your filters. For example, you might want to start by turning off all filtering:
TraceEvent(_NTO_TRACE_DELALLCLASSES); TraceEvent(_NTO_TRACE_CLRCLASSPID, _NTO_TRACE_KERCALL); TraceEvent(_NTO_TRACE_CLRCLASSTID, _NTO_TRACE_KERCALL); TraceEvent(_NTO_TRACE_CLRCLASSPID, _NTO_TRACE_THREAD); TraceEvent(_NTO_TRACE_CLRCLASSTID, _NTO_TRACE_THREAD); TraceEvent(_NTO_TRACE_CLRCLASSPID, _NTO_TRACE_VTHREAD); TraceEvent(_NTO_TRACE_CLRCLASSTID, _NTO_TRACE_VTHREAD); TraceEvent(_NTO_TRACE_CLRCLASSPID, _NTO_TRACE_SYSTEM); TraceEvent(_NTO_TRACE_CLRCLASSTID, _NTO_TRACE_SYSTEM); TraceEvent(_NTO_TRACE_CLRCLASSPID, _NTO_TRACE_COMM); TraceEvent(_NTO_TRACE_CLRCLASSTID, _NTO_TRACE_COMM);
You can select events in an additive or subtractive manner; you can start with no events, and then add specific classes or events, or you can start with all events, and then exclude specific ones.
For an example using the static filter, see the five_events.c example in the Tutorials chapter.