DTrace User Guide

Specifying Probes in DTrace

You can fully specify a probe by listing each component of the 4–tuple that uniquely identifies that probe. The format for the probe specification is provider:module:function:name. An empty component in a probe specification matches anything. For example, the specification fbt::alloc:entry specifies a probe with the following attributes:

Elements on the left hand side of the 4–tuple are optional. The probe specification ::open:entry is equivalent to the specification open:entry. Either specification will match probes from all providers and kernel modules that have a function name of open and are named entry.

# dtrace -l -n open:entry
  ID      PROVIDER        MODULE             FUNCTION NAME
  14       syscall                               open entry
7386           fbt       genunix                 open entry

You can also describe probes with a pattern matching syntax that is similar to the syntax that is described in the File Name Generation section of the sh(1) man page. The syntax supports the special characters *, ?, [, and ]. The probe description syscall::open*:entry matches both the open and open64 system calls. The ? character represents any single character in the name. The [ and ] characters are used to specify a set of specific characters in the name.