/usr/share/sysdig/chisels/iobytes_file.lua is in sysdig 0.8.0-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 | --[[
Copyright (C) 2013-2014 Draios inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License version 2 as
published by the Free Software Foundation.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
--]]
-- Chisel description
description = "Counts the total bytes read from and written to files.";
short_description = "Sum of file I/O bytes";
category = "I/O";
-- Chisel argument list
args =
{
}
tot = 0
totin = 0
totout = 0
-- Initialization callback
function on_init()
-- Request the fields
fbytes = chisel.request_field("evt.rawarg.res")
ftime = chisel.request_field("evt.time.s")
fisread = chisel.request_field("evt.is_io_read")
-- set the filter
chisel.set_filter("evt.is_io=true and fd.type=file")
chisel.set_interval_s(1)
return true
end
-- Event parsing callback
function on_event()
bytes = evt.field(fbytes)
isread = evt.field(fisread)
if bytes ~= nil and bytes > 0 then
tot = tot + bytes
if isread then
totin = totin + bytes
else
totout = totout + bytes
end
end
return true
end
function on_interval(delta)
etime = evt.field(ftime)
print(etime .. " in:" .. totin .. " out:" .. totout .. " tot:" .. tot)
tot = 0
totin = 0
totout = 0
return true
end
|