ktrace — enable kernel process tracing
ktrace [-aBCcdi] [-f trfile] [-g pgid] [-p pid] [-t trstr]
ktrace [-adi] [-f trfile] [-t trstr] command
ktrace enables kernel trace logging for the
specified processes. By default, kernel trace data is logged to the file
ktrace.out, unless overridden by the
-f option. The kernel operations traced are
system calls, namei translations, signal processing and I/O.
Once tracing is enabled on a process, trace data will be logged until either the
process exits or the trace point is cleared. A traced process can generate
enormous amounts of log data quickly; it is strongly suggested that users
memorize how to disable tracing before attempting to trace a process. The
following command is sufficient to disable tracing on all user owned processes
and, if executed by root, all processes:
$ ktrace -C
The trace file is not human-readable; use kdump(1) to decode it.
The options are as follows:
-a
    Append to the trace file instead of recreating it.
-B
    Set the LD_BIND_NOW environment variable to specify that the dynamic linker should process relocations immediately instead of as they are encountered. This eliminates the resulting ld.so(1) relocation sequences.
-C
    Disable tracing on all user owned processes and, if executed by root, all processes in the system.
-c
    Clear the trace points associated with the trace file or any specified processes.
-d
    Descendants; perform the operation for all current children of the designated processes.
-f trfile
    Log trace records to trfile instead of ktrace.out.
-g pgid
    Enable (disable) tracing on all processes in the process group (only one -g flag is permitted).
-i
    Inherit; pass the trace flags to all future children of the designated processes.
-p pid
    Enable (disable) tracing on the indicated process ID (only one -p flag is permitted).
-t trstr
    The string argument represents the kernel trace points, one per letter. By default all trace points except for X are enabled. The following table equates the letters with the trace points:

    c    trace system calls
    i    trace I/O
    n    trace namei translations
    p    trace violation of pledge(2) restrictions
    s    trace signal processing
    t    trace various structures
    u    trace user data coming from utrace(2)
    x    trace argument vector in execve(2)
    X    trace environment in execve(2)
    +    trace the default points
command
    Execute command with the specified trace flags.

The -p, -g, and command options are mutually exclusive.
ktrace.out
    default ktrace dump file
Trace all kernel operations of process ID 34:
$ ktrace -p 34
Trace all kernel operations of processes in process group 15 and pass the trace
flags to all current and future children:
$ ktrace -idg 15
Disable all tracing of process 65:
$ ktrace -cp 65
Disable tracing signals on process 70 and all current children:
$ ktrace -t s -cdp 70
Enable tracing of I/O on process 67:
$ ktrace -ti -p 67
Run the command w(1), tracing only system calls:
$ ktrace -tc w
Disable all tracing to the file "tracedata":
$ ktrace -c -f tracedata
Disable tracing of all processes owned by the user:
$ ktrace -C
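The -t letter table and its default (every point except X) decide whether execve(2) arguments or environment end up in the trace file, so a trstr is worth checking before tracing starts. The following is an added example, not part of the ktrace manual or its source; the function names trstr_expand and trstr_sensitive are hypothetical, and the script only parses the string without calling ktrace.

```shell
#!/bin/sh
# Added example: expand a ktrace -t string using the letter table on this page.
# Function and variable names are hypothetical, not part of ktrace.

# Default points per the page: every letter except X.
KTRACE_DEFAULT_POINTS="cinpstux"

# Print the selected letters once each, in first-seen order.
# Returns 1 if a letter is not in the table.
trstr_expand() {
    rest=$1
    out=
    while [ -n "$rest" ]; do
        ch=${rest%"${rest#?}"}          # first character of the string
        rest=${rest#?}
        case $ch in
            +) add=$KTRACE_DEFAULT_POINTS ;;
            [cinpstuxX]) add=$ch ;;
            *) echo "unknown trace point: $ch" >&2; return 1 ;;
        esac
        while [ -n "$add" ]; do         # merge, skipping letters already set
            a=${add%"${add#?}"}
            add=${add#?}
            case $out in *"$a"*) ;; *) out=$out$a ;; esac
        done
    done
    printf '%s\n' "$out"
}

# Print which execve(2) data the string would log: "argv" (x), "env" (X),
# both, or nothing. Either may carry credentials into the trace file.
trstr_sensitive() {
    pts=$(trstr_expand "$1") || return 2
    found=
    case $pts in *x*) found=argv ;; esac
    case $pts in *X*) found="${found:+$found }env" ;; esac
    printf '%s\n' "$found"
}

# Constructed sample strings: two forms from the examples above, plus +X.
for s in c i +X; do
    printf '%-3s -> %-10s logs: %s\n' "$s" "$(trstr_expand "$s")" "$(trstr_sensitive "$s")"
done
```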
kdump(1), ktrace(2), utrace(2)
The ktrace command appeared in 4.4BSD.