If you want to trace all system activity (for example, on a busy server), you can proceed to "Enabling and Disabling Tracing". This is the most common use of kernel tracing, and usually the most informative.
However, you also have the option of restricting trace data generation to selected processes; this can reduce the amount of data you need to collect and analyze.
prex uses two abstractions to allow you to do process filtering.
The process filter set is a list of process identifiers (PIDs) for those processes that you want enabled for tracing; no trace data will be written by (threads belonging to) processes that are not in the filter set. The default filter set is empty.
The process filter mode is a global flag that selects whether process filtering is enabled or disabled in the kernel. The default is that process filtering is disabled, which means that all processes (and threads) write trace records. When it is enabled, only (threads belonging to) the processes in the filter set write trace records.
Use the prex pfilter command to control process filtering.
prex> pfilter # are we filtering? Process filtering is off Process filter set is empty. prex> pfilter add 408 # add PID 408 to filter set prex> pfilter Process filtering is off Process filter set is {408} prex> pfilter on # enable process filter mode prex>
System threads (such as interrupt threads) are treated as belonging to process 0.