NAME
ktrace,ktruss
- enable kernel process tracing
SYNOPSIS
ktrace
[-aCcdins]
[-f trfile]
[-g pgrp]
[-p pid]
[-t trstr]
ktrace
[-adis]
[-f trfile]
[-t trstr]
command
ktruss
[-aCcdilnRT]
[-e emulation]
[-f infile]
[-g pgrp]
[-m maxdata]
[-o outfile]
[-p pid]
[-t trstr]
ktruss
[-adinRT]
[-e emulation]
[-m maxdata]
[-o outfile]
[-t trstr]
[-v vers]
command
DESCRIPTION
ktrace
enables kernel trace logging for the specified processes.
Kernel trace data is logged to the file
ktrace.out
.
The kernel operations that are traced include system calls, namei
translations, signal processing, and
I/O.
Once tracing is enabled on a process, trace data will be logged until
either the process exits or the trace point is cleared.
A traced process can generate enormous amounts of log data quickly;
It is strongly suggested that users memorize how to disable tracing before
attempting to trace a process.
The following command is sufficient to disable tracing on all user owned
processes, and, if executed by root, all processes:
$
ktrace
-C
The trace file is not human readable; use
kdump(1)
to decode it.
ktruss
is functionally the same as
ktrace
except that trace output is printed
on standard output or to the file specified with the
-o
option.
ktruss
is useful to see the kernel operations interleaved with
the program output.
The options are as follows:
- -a
-
Append to the trace file instead of truncating it.
- -C
-
Disable tracing on all user owned processes, and, if executed by root, all
processes in the system.
- -c
-
Clear the trace points associated with the specified file or processes.
- -d
-
Descendants; perform the operation for all current children of the
designated processes.
- -f trfile
-
Log trace records to
trfile
instead of
ktrace.out
.
- -f infile
-
Read the trace records from
infile
and print them in a human readable format to standard out.
- -g pgid
-
Enable (disable) tracing on all processes in the process group (only one
-g
flag is permitted).
- -i
-
Inherit; pass the trace flags to all future children of the designated
processes.
- -l
-
Poll the trace file for new data and print it to standard out.
Only for use together with the
-f
option.
- -m maxdata
-
Print at most
maxdata
bytes of data.
This is used for pointer type arguments, e.g., strings.
The data will be escaped in C-style unless
-x
is specified when it will be output in hex and ascii.
- -n
-
Stop tracing if attempts to write to the trace file would block.
This option always affects
ktruss
and only affects
ktrace
when writing to
stdout
.
If this flag is not set, then the traced program will block until it can
write more data to the trace file descriptor.
- -o outfile
-
Log trace records to
outfile.
Without this option
ktruss
will print its output in a human
readable format to standard out.
- -p pid
-
Enable (disable) tracing on the indicated process id (only one
-p
flag is permitted).
- -s
-
Write to the trace file with synchronized I/O.
- -R
-
Display relative time stamps to output.
- -T
-
Same as the
-R
option, but use absolute timestamps instead.
- -t trstr
-
The string argument represents the kernel trace points, one per letter.
The following table equates the letters with the tracepoints:
- A
-
trace all tracepoints
- a
-
trace exec arguments
- c
-
trace system calls
- e
-
trace emulation changes
- i
-
trace
I/O
- l
-
trace Mach out of line data when running Mach binaries with COMPAT_MACH
(currently limited to i386 and powerpc ports).
- m
-
trace Mach messages when running Mach binaries with COMPAT_MACH
(currently limited to i386 and powerpc ports).
- n
-
trace namei translations
- S
-
trace MIB access (sysctl)
- s
-
trace signal processing
- u
-
trace user data
- v
-
trace exec environment
- w
-
trace context switches
- +
-
trace the default set of trace points (c, e, i, l, m, n, s, u)
- -
-
do not trace following trace points
- -e emulation
-
If an emulation of a process is unknown,
interpret system call maps assuming the named emulation instead of
default "netbsd".
- command
-
Execute
command
with the specified trace flags.
- -v version
-
Determines the
version
of the file generated.
Version 0 is the compatible ktrace format, and
version 1 is the new format with lwp IDs and nanosecond (instead of
microsecond) timestamps.
The
-p,
-g,
and
command
options are mutually exclusive.
The
-R
and
-T
options are also mutually exclusive.
EXAMPLES
# trace all kernel operations of process id 34
$
ktrace
-p
34
# trace all kernel operations of processes in process group 15 and
# pass the trace flags to all current and future children
$
ktrace
-idg
15
# disable all tracing of process 65
$
ktrace
-cp
65
# disable tracing signals on process 70 and all current children
$
ktrace
-t
s
-cdp
70
# enable tracing of
I/O
on process 67
$
ktrace
-ti
-p
67
# run the command "w", tracing only system calls
$
ktrace
-tc
w
# disable all tracing to the file "tracedata"
$
ktrace
-c
-f
tracedata
# disable tracing of all processes owned by the user
$
ktrace
-C
# run the command "w", displaying to standard output
$
ktruss
w
# trace process 42 and log the records to "ktruss.out"
$
ktruss
-p
42
-o
ktruss.out
# poll ktruss.out for available records and print them
$
ktruss
-lf
ktruss.out
SEE ALSO
kdump(1),
ktrace(2)
HISTORY
The
ktrace
command appears in
4.4BSD.