Klogger is a framework for post-mortem analysis of Linux kernel behavior. It is designed so that developers can easily define the events they want logged and log them in the kernel code. At runtime, the Klogger infrastructure is enabled for the period of time the developer wishes to analyze, logging all events into a special log file, which can later be analyzed.
Klogger excels in its low overhead and flexibility, allowing researchers to analyze performance bottlenecks that are very difficult to reach with standard logging tools, while not requiring the user to become a kernel hacker.
This document is an attempt to allow the research community to gain experience with Klogger, while possibly providing feedback about the tool and its features.
Klogger's flexibility is embodied in its support for different schemata -- different disjoint event sets, dedicated to the analysis of different subsystems. Schemata enable users to analyze only the subsystem that interests them, and to create new Klogger schemata specific to their research (read more about schemata in sections 3 and 7).
We are trying to collect a host of schemata which will allow both developers and researchers to study the various kernel subsystems without having to dive into the actual implementations. The best example is a storage systems researcher who does not have to fully understand the implementation of the subsystem and driver in one kernel or another, as long as he can get information about the blocks read from/written to storage, their order, timings, etc. By supplying a schema logging the major events of the storage subsystem, we can allow more people to be involved in cutting-edge research. The same goes for most parts of modern kernels -- networking, scheduling, synchronization, file systems, etc.