[OpenBSD]

Manual Page Search Parameters
ktrace(1) enable kernel process tracing
ktrace(2) process tracing
ktrace, ktrgenio, ktrnamei, KTRPOINT, ktrpsig, ktrsyscall, ktrsysret(9) process tracing kernel interface

KTRACE(1) General Commands Manual KTRACE(1)

NAME

ktraceenable kernel process tracing

SYNOPSIS

ktrace [-aBCcdi] [-f trfile] [-g pgid] [-p pid] [-t trstr]

ktrace [-adi] [-f trfile] [-t trstr] command

DESCRIPTION

ktrace enables kernel trace logging for the specified processes. By default, kernel trace data is logged to the file ktrace.out, unless overridden by the -f option. The kernel operations traced are system calls, namei translations, signal processing and I/O.
Once tracing is enabled on a process, trace data will be logged until either the process exits or the trace point is cleared. A traced process can generate enormous amounts of log data quickly; it is strongly suggested that users memorize how to disable tracing before attempting to trace a process. The following command is sufficient to disable tracing on all user owned processes and, if executed by root, all processes:
$ ktrace -C
The trace file is not human-readable; use kdump(1) to decode it.
The options are as follows:
 
 
-a
Append to the trace file instead of recreating it.
 
 
-B
Set the LD_BIND_NOW environment variable to specify that the dynamic linker should process relocations immediately instead of as they are encountered. This eliminates the resulting ld.so(1) relocation sequences.
 
 
-C
Disable tracing on all user owned processes and, if executed by root, all processes in the system.
 
 
-c
Clear the trace points associated with the trace file or any specified processes.
 
 
-d
Descendants; perform the operation for all current children of the designated processes.
 
 
-f trfile
Log trace records to trfile instead of ktrace.out.
 
 
-g pgid
Enable (disable) tracing on all processes in the process group (only one -g flag is permitted).
 
 
-i
Inherit; pass the trace flags to all future children of the designated processes.
 
 
-p pid
Enable (disable) tracing on the indicated process ID (only one -p flag is permitted).
 
 
-t trstr
The string argument represents the kernel trace points, one per letter. By default all trace points except for X are enabled. The following table equates the letters with the trace points:
c
trace system calls
i
trace I/O
n
trace namei translations
p
trace violation of pledge(2) restrictions
s
trace signal processing
t
trace various structures
u
trace user data coming from utrace(2)
x
trace argument vector in execve(2)
X
trace environment in execve(2)
+
trace the default points
 
 
command
Execute command with the specified trace flags.
The -p, -g, and command options are mutually exclusive.

FILES

ktrace.out
default ktrace dump file

EXAMPLES

Trace all kernel operations of process ID 34:
$ ktrace -p 34
Trace all kernel operations of processes in process group 15 and pass the trace flags to all current and future children:
$ ktrace -idg 15
Disable all tracing of process 65:
$ ktrace -cp 65
Disable tracing signals on process 70 and all current children:
$ ktrace -t s -cdp 70
Enable tracing of I/O on process 67:
$ ktrace -ti -p 67
Run the command w(1), tracing only system calls:
$ ktrace -tc w
Disable all tracing to the file "tracedata":
$ ktrace -c -f tracedata
Disable tracing of all processes owned by the user:
$ ktrace -C

SEE ALSO

kdump(1), ktrace(2), utrace(2)

HISTORY

The ktrace command appeared in 4.4BSD.
July 18, 2016 OpenBSD-current