Update readme and linux trace capture docs (#1)

* Update readme and linux trace capture docs

Author: ivberg

Images/WpaLinux.JPG

@@ -0,0 +1,180 @@
+# Overview - Linux Trace and Log Capture
+
+This provides a quick start on how to capture logs on Linux. 
+
+Logs:
+
+- [LTTng](https://lttng.org) system trace (requires customized image for boot scenario)
+- Perf CPU Sampling
+- [cloud-init.log](https://cloud-init.io/)
+  - Automatically logged by cloud-init to /var/log/cloud-init.log
+- [dmesg.iso.log](https://en.wikipedia.org/wiki/Dmesg)
+  - Standard auto dmesg log doesn't output in absolute time needed for correlation with other logs
+  - dmesg --time-format iso > dmesg.iso.log
+- [waagent.log](https://github.com/Azure/WALinuxAgent)
+  - Automatically logged by WaLinuxAgent to /var/log/waagent.log
+  - LogLevel can be turned more verbose in custom image
+  - /etc/waagent.conf
+  - Logs.Verbose=y
+
+# LTTng
+[LTTng](https://lttng.org) (Kernel CPU scheduling, Processes, Threads, Block IO/Disk, Syscalls, File events, etc)
+
+[LTTng Docs](https://lttng.org/docs/v2.10/) [LTTng](https://lttng.org/) is an open source tracing framework for Linux. Installation instructions for your Linux distro can be found in the docs. 
+
+Supports:
+- Threads and Processes
+- Context Switches / CPU Usage
+- Syscalls
+- File related events
+- Block IO / Disk Activity
+- Diagnostic Messages
+
+Once you have everything set up you just need to decide what kind of information you are looking for and begin tracing. 
+
+In this example we are looking at process scheduler events. We might use this to determine process lifetime and identify dependencies. You can learn more about what kind of "events" you can enable [here](https://lttng.org/man/1/lttng-enable-event/v2.8/). 
+```bash
+ root@xenial:~/tracing# lttng list --kernel # Gives a list of all Kernel events you can trace
+ root@xenial:~/tracing# lttng list --kernel --syscall # Gives a list of all traceable Linux system calls
+
+ root@xenial:~/tracing# lttng create my-kernel-session --output=/tmp/my-kernel-trace
+ root@xenial:~/tracing# lttng enable-event --kernel sched_process*
+ root@xenial:~/tracing# lttng start
+ root@xenial:~/tracing# lttng stop
+ root@xenial:~/tracing# lttng destroy
+```
+
+## Recommended LTTng Tracing 
+
+### Install the tracing software:
+Example on Ubuntu:
+```bash
+$ sudo apt-get install lttng-tools lttng-modules-dkms liblttng-ust-dev
+```
+For more examples see [LTTng Download docs](https://lttng.org/download/)
+
+### Create a session:
+```bash
+$ sudo lttng create my-kernel-session --output=lttng-kernel-trace
+```
+
+### Add the desired events to be recorded:
+```bash
+$ sudo lttng enable-event --kernel block_rq_complete,block_rq_insert,block_rq_issue,printk_console,sched_wak*,sched_switch,sched_process_fork,sched_process_exit,sched_process_exec,lttng_statedump*
+$ sudo lttng enable-event --kernel --syscall –-all
+```
+
+### Add context fields to the channel:
+```bash
+$ sudo lttng add-context --kernel --channel=channel0 --type=tid
+$ sudo lttng add-context --kernel --channel=channel0 --type=pid
+$ sudo lttng add-context --kernel --channel=channel0 --type=procname
+```
+
+### Start the recording:
+```bash
+$ sudo lttng start
+```
+
+### Save the session:
+```bash
+$ sudo lttng regenerate statedump <- Better correlation / info in Microsoft-Performance-Tools-Linux
+$ sudo lttng stop
+$ sudo lttng destroy
+```
+
+# Perf
+Perf is used to collect CPU Sampling (cpu-clock) events as LTTng doesn't support capturing these yet. Note: Stacks may require symbol setup
+
+[perf](https://perf.wiki.kernel.org/) CPU Sampling(cpu-clock)
+
+If you want to trace .NET Core then you need [perfcollect](http://aka.ms/perfcollect) which capture CPU sampling and more
+
+## Perf Install
+```bash
+$ sudo apt-get install linux-tools-common
+```
+
+## User-Mode (UM) Symbols Install
+KM symbols are automatically resolved. If you wish to resolve UM cpu sample functions and stacks, you may need to install debug packages for the binary you are profiling
+
+For example, [Debug Symbol Packages on Ubuntu](https://wiki.ubuntu.com/Debug%20Symbol%20Packages)
+
+## Record a trace
+```bash
+$ sudo /usr/bin/perf record -g -a -F 999 -e cpu-clock,sched:sched_stat_sleep,sched:sched_switch,sched:sched_process_exit -o perf_cpu.data
+```
+
+## Stop the Trace
+```bash
+$ Ctrl-C
+```
+
+## Convert trace to text format
+This is to useful along-side the CTF trace to resolve UM IP/Symbols. Similar to what [perfcollect](https://raw.githubusercontent.com/microsoft/perfview/master/src/perfcollect/perfcollect) uses
+
+```bash
+$ sudo perf inject -v -s -i perf_cpu.data -o perf.data.merged
+
+# There is a breaking change where the capitalization of the -f parameter changed.
+$ sudo perf script -i perf.data.merged -F comm,pid,tid,cpu,time,period,event,ip,sym,dso,trace > perf.data.txt
+
+if [ $? -ne 0 ]
+then
+    $ sudo perf script -i perf.data.merged -f comm,pid,tid,cpu,time,period,event,ip,sym,dso,trace > perf.data.txt
+fi
+
+# If the dump file is zero length, try to collect without the period field, which was added recently.
+if [ ! -s perf.data.txt ]
+then
+    $ sudo perf script -i perf.data.merged -f comm,pid,tid,cpu,time,event,ip,sym,dso,trace > perf.data.txt
+fi
+```
+
+## Capture trace timestamp start 
+Perf.data.txt only contains relative timestamps. If you want correct absolute timestamps in UI then you will need to know the trace start time.
+
+```bash
+$ sudo perf report --header-only -i perf_cpu.data | grep "captured on"
+```
+
+Place the "captured on" timestamp for example "Thu Oct 17 15:37:36 2019" in a timestamp.txt file next to the trace folder. The timestamp will be interpreted as UTC
+
+### Convert to CTF (Optional) (requires CTF enabled perf) 
+We have optional support for perf CTF conversion. It it currently NOT RECOMMENDED to use this though as you get less features (like KM/UM stacks) than perf.data.txt support which resolves callstacks on the box.
+This only supports KM symbols (for now) supplied by kallsyms. Microsoft-Linux-Perf-Tools support for the perf CTF trace is experimental given lack of UM symbols
+
+```bash
+$ perf data convert -i perf_cpu.data --all --to-ctf ./perf_cpu.data-ctf
+```
+
+You will need the perf file in converted CTF format which you can do with a custom compiled perf (unless some distro compiled the support in). [Custom build instructions here](https://stackoverflow.com/questions/43576997/building-perf-with-babeltrace-for-perf-to-ctf-conversion)
+
+## Save Kernel Symbols (Optional) (for use with CTF enabled perf)
+This is only needed for a perf CTF trace
+
+```bash
+$ sudo cat /proc/kallsyms > kallsyms
+```
+
+# Transferring the files to Windows UI (optional)
+You then need to transfer the perf files to a Windows box where WPA runs. The most important file is perf.data.txt
+
+```bash
+$ sudo chmod 777 -R perf*
+```
+
+- Copy files from Linux to Windows box with WinSCP/SCP OR 
+```bash
+$ tar -czvf perf_cpu-ctf.tar.gz perf*
+```
+- (Optional if you want absolute timestamps) Place timestamp.txt next to perf.data.txt
+- Open perf.data.txt with WPA
+- For the perf CTF file (optional) On Windows, Zip the folder up and rename to .ctf extension. E.g. perf_cpu-ctf.ctf (which is really a .zip file)
+  - CTF (Optional) Kallsyms needs to be on your Desktop
+
+
+# Presentations
+
+If you want to see a demo or get more in-depth info on using these tools check out a talk given at the [Linux Tracing Summit](https://www.tracingsummit.org/ts/2019/):
+>Linux & Windows Perf Analysis using WPA, ([slides](https://www.tracingsummit.org/ts/2019/files/Tracingsummit2019-wpa-berg-gibeau.pdf)) ([video](https://youtu.be/HUbVaIi-aaw))

LinuxTraceLogCapture.md

@@ -29,6 +29,16 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Dmesg", "LinuxLogParsers\Li
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "WaLinuxAgent", "LinuxLogParsers\LinuxPlugins-MicrosoftPerformanceToolkSDK\WaLinuxAgent\WaLinuxAgent.csproj", "{75AF82A4-AF0E-425F-8CF5-62F4F54380B9}"
 EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Docs", "Docs", "{E48222FC-D167-4281-BC94-961C22908B25}"
+	ProjectSection(SolutionItems) = preProject
+		CODE_OF_CONDUCT.md = CODE_OF_CONDUCT.md
+		LinuxTraceLogCapture.md = LinuxTraceLogCapture.md
+		NOTICE.md = NOTICE.md
+		README.md = README.md
+		SECURITY.md = SECURITY.md
+		SUPPORT.md = SUPPORT.md
+	EndProjectSection
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU

Microsoft-Perf-Tools-Linux.sln

@@ -1,14 +1,60 @@
-# Project
+# Microsoft Performance Tools Linux
 
-> This repo has been populated by an initial template to help get you started. Please
-> make sure to update the content to build a great experience for community-building.
+> This repo contains various Linux Performance Analysis tools built with the [Microsoft Performance Toolkit SDK](https://github.com/microsoft/microsoft-performance-toolkit-sdk).
 
-As the maintainer of this project, please make a few updates:
+> Tools are built with open source .NET Core and can be run on the cmd-line or in the WPA GUI. All the logs that are supported are open source. 
 
-- Improving this README.MD file to provide a great experience
-- Updating SUPPORT.MD with content about this project's support experience
-- Understanding the security reporting process in SECURITY.MD
-- Remove this section from the README
+>Not only are the raw logs parsed, but a lot of smart post processing / correlation is done to make your life easier as a perf analyst. We hope you can solve & debug tough issues on you or your customers systems with this toolset!
+
+> Tracing supported: [LTTng](https://lttng.org) (Kernel CPU scheduling, Processes, Threads, Block IO/Disk, Syscalls, File events, etc), [perf](https://perf.wiki.kernel.org/) CPU Sampling(cpu-clock)
+
+> Logs supported: [Dmesg](https://en.wikipedia.org/wiki/Dmesg), [Cloud-Init](https://cloud-init.io/), [WaLinuxAgent](https://github.com/Azure/WALinuxAgent)
+
+**Optional** WPA GUI:
+![WpaLinux](Images/WpaLinux.JPG)
+
+# Presentations
+
+If you want to see a demo or get more in-depth info on using these tools check out a talk given at the [Linux Tracing Summit](https://www.tracingsummit.org/ts/2019/):
+>Linux & Windows Perf Analysis using WPA, ([slides](https://www.tracingsummit.org/ts/2019/files/Tracingsummit2019-wpa-berg-gibeau.pdf)) ([video](https://youtu.be/HUbVaIi-aaw))
+
+# Prerequisites
+
+## Runtime prereqs
+- [.NET Core Runtime 3.1.x](https://dotnet.microsoft.com/download/dotnet-core/3.1)
+
+## Dev prereqs
+- [.NET Core SDK 3.1.x](https://dotnet.microsoft.com/download/dotnet-core/3.1)
+- [Visual Studio](https://visualstudio.microsoft.com/), [VSCode](https://visualstudio.microsoft.com/), or your favorite editor!
+
+# Download
+See [Releases](https://github.com/microsoft/Microsoft-Performance-Tools-Linux/releases)
+
+# How to run the tools
+The tools can be run in several modes:
+
+- Cross-platform with .NET Core
+  - Used as a library
+  - With a driver program for example dumping to screen or text format
+- (Coming soon) (Windows) Command-line dumping to a text format (say CSV)
+- (Coming soon) (Windows) Using the WPA GUI to load these tools as plugins
+
+# How to capture a trace or logs
+Please see [Linux Trace Log Capture](LinuxTraceLogCapture.md)
+
+# How to load the logs in the UI
+Once you gather the data, there is a tiny bit of prep needed to open them in a single unified timeline (like the screenshot above)
+
+- LTTng - If you just need to open only a LTTng trace by itself in folder format
+  - WPA -> Open -> Folder (Select CTF folder)
+- Unified (LTTng or other multiple different logs files together)
+  - If you want to open other logs together in single timeline - Copy other Linux logs you want to open to single folder
+  - Example: You want to open in the same timeline: LTTng, Perf CPU Sampling, Dmesg
+  - Ensure that the Linux CTF folder/trace is zipped and renamed to .ctf in the same folder (hack so open Unified works)
+  - WPA -> File -> Open -> Multi-select all files and choose "Open Unified"
+
+# How do I use WPA in general?
+If you want to learn how to use the GUI UI in general see [WPA MSDN Docs](https://docs.microsoft.com/en-us/windows-hardware/test/wpt/windows-performance-analyzer)
 
 ## Contributing
 

README.md

@@ -1,25 +1,12 @@
-# TODO: The maintainer of this repo has not yet edited this file
-
-**REPO OWNER**: Do you want Customer Service & Support (CSS) support for this product/project?
-
-- **No CSS support:** Fill out this template with information about how to file issues and get help.
-- **Yes CSS support:** Fill out an intake form at [aka.ms/spot](https://aka.ms/spot). CSS will work with/help you to determine next steps. More details also available at [aka.ms/onboardsupport](https://aka.ms/onboardsupport).
-- **Not sure?** Fill out a SPOT intake as though the answer were "Yes". CSS will help you decide.
-
-*Then remove this first heading from this SUPPORT.MD file before publishing your repo.*
-
-# Support
 
 ## How to file issues and get help  
 
 This project uses GitHub Issues to track bugs and feature requests. Please search the existing 
 issues before filing new issues to avoid duplicates.  For new issues, file your bug or 
 feature request as a new Issue.
 
-For help and questions about using this project, please **REPO MAINTAINER: INSERT INSTRUCTIONS HERE 
-FOR HOW TO ENGAGE REPO OWNERS OR COMMUNITY FOR HELP. COULD BE A STACK OVERFLOW TAG OR OTHER
-CHANNEL. WHERE WILL YOU HELP PEOPLE?**.
+For help and questions about using this project, please use https://stackoverflow.com/ with the tag [microsoft-perf-tools-linux]
 
 ## Microsoft Support Policy  
 
-Support for this **PROJECT or PRODUCT** is limited to the resources listed above.
+Support for this project is limited to the resources listed above.