bpftrace is a general purpose tracing tool and language for Linux. It leverages eBPF to provide powerful, efficient tracing capabilities with minimal overhead. bpftrace uses LLVM as a compiler backend, and libbpf for interacting with the Linux BPF subsystem, including kernel dynamic tracing (kprobes, hardware and software perf events), user-level dynamic tracing (USDT, uprobes), tracepoints (regular, raw), and more. The bpftrace language is inspired by awk, C, and predecessor tracers such as DTrace and SystemTap.
Visit bpftrace.org for tutorials, documentation, and labs!
This respository also contains some canonical tools.
For migrating from older versions, see the migration guide.
Get started with bpftrace in just a few minutes! To build from source, see the building section below. However, you can often install it using your distribution's package manager.
Important
When using a distribution package, be sure to verify bpftrace --version when referencing documentation.
| Distributions | Command |
|
sudo apt install bpftrace |
|
sudo dnf install bpftrace |
|
sudo apk add bpftrace |
|
sudo pacman -S bpftrace |
|
sudo emerge -av bpftrace |
|
nix-shell -p bpftrace |
|
sudo zypper install bpftrace |
|
declare -A suffixes=([x86_64]="X64" [amd64]="AMD64");
declare prefix="bpftrace/bpftrace/workflows/binary/master/bpftrace";
declare url="https://nightly.link/${prefix}-${suffixes[$(uname -m)]}.zip";
curl -L -o bpftrace.zip "${url}" && unzip bpftrace.zip |
See our contributing guide for details on how to contribute, and our governance document for details on how the project is run.
If you have tools built with bpftrace that you'd like to submit, please contribute to the user-tools repository.
For minimum kernel version requirements, see our dependency support policy. Your kernel should be built with the necessary BPF options enabled. Verify this by running the check_kernel_features script from the scripts directory.
bpftrace also uses git submodules, so ensure they are initialized when checking out the code. See dependency support for details.
git clone --recurse-submodules https://github.com/bpftrace/bpftrace
cd bpftracebpftrace provides a Nix flake, which is recommended for building and testing.
nix developFor a suitable build environment without Nix, see our Dockerfiles for detailed build examples:
If all dependencies are installed correctly, you should be able to configure and build using CMake.
cmake -DCMAKE_BUILD_TYPE=Release -B build .
make -C build -j$(nproc)Troubleshooting
Kernel Lockdown: If your system has kernel lockdown enabled (often with Secure Boot), bpftrace will be blocked. To disable:
- Disable Secure Boot in UEFI, or
- Run
sudo mokutil --disable-validationand reboot, or - Temporarily lift lockdown with
SysRQ+x(until next boot)
bpftrace is built and maintained by a diverse community of contributors, users, and organizations who rely on it for production tracing and debugging.
Get help or get involved:
- π¬ GitHub Discussions - Ask questions
- π Issue Tracker - Report bugs and request features
- π Monthly Office Hours - Open to everyone
- π¬ Discord - Open to everyone
