signal - sends a signal, specified by its number (signum), plus an optional handler, to the calling process or process group.
The signal syscall is used to send a signal to one or more processes, specified by its signum, with an optional handler (the function executed when the signal is delivered). It can be used to send signals like SIGKILL to terminate processes, as well as custom signals to communicate information or initiate actions from other processes.
Signals can be blocked depending on their type, so it is important to take that into account when sending a signal.
int - the signal number to send. The list of available signals is described in the
sighandler_t[K] - optional pointer to the function to be executed upon arrival of the signal.
- K - Originated from kernel-space.
Tracepoint + Kprobe
Gather data and figure out what function is executed when the signal is received.
Example Use Case
One example use of the signal event is to count how many signals of a particular kind (in this case, SIGTERM) were sent and received during a given period of time.
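The use case above, as an added example (not Tracee's own code): a Python tally of signal events carrying SIGTERM, per process, within a time window, read from JSON-lines event output. The field names (timestamp, processName, eventName, args with name/value) and the sample lines are assumptions constructed for illustration.

```python
import json
from collections import Counter

SIGTERM = 15  # Linux signal number for SIGTERM


def make_event(ts, proc, name, signum):
    """Build one constructed JSON line in the assumed event layout."""
    return json.dumps({"timestamp": ts, "processName": proc, "eventName": name,
                       "args": [{"name": "signum", "value": signum}]})


# Constructed sample input, including one truncated line as a log might contain.
SAMPLE = "\n".join([
    make_event(1000, "nginx", "signal", 15),         # counted
    make_event(2000, "nginx", "signal", "SIGTERM"),  # counted (symbolic form)
    make_event(2500, "sshd", "signal", 2),           # other signal
    make_event(3000, "sshd", "kill", 15),            # other event
    make_event(9000, "redis", "signal", 15),         # outside the window
    '{"timestamp": 30',                              # malformed line
])


def is_sigterm(value):
    """Accept the raw number or the symbolic name (assumed possible forms)."""
    return value == SIGTERM or str(value).upper() == "SIGTERM"


def count_sigterm(lines, start_ts, end_ts):
    """Return (per-process SIGTERM counts, malformed-line count) for
    signal events with start_ts <= timestamp < end_ts."""
    counts, skipped = Counter(), 0
    for line in filter(None, (raw.strip() for raw in lines)):
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # keep going; report how much input was unusable
            continue
        if ev.get("eventName") != "signal":
            continue
        if not start_ts <= ev.get("timestamp", -1) < end_ts:
            continue
        args = {a.get("name"): a.get("value") for a in ev.get("args", [])}
        if is_sigterm(args.get("signum")):
            counts[ev.get("processName", "?")] += 1
    return counts, skipped


if __name__ == "__main__":
    print(count_sigterm(SAMPLE.splitlines(), 0, 5000))
```

Reporting the skipped-line count alongside the tally shows when a low count reflects unusable input rather than few events.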
Due to the asynchronous and unreliable nature of signals, in some cases signals may be lost or delivered late.
kill - similar to signal but with a more precise target.
waitid - used to wait for processes and identify the signal sent.
This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.