kernel process tracing
enables kernel trace logging for the
specified processes. By default, kernel trace data is logged to the file
, unless overridden by the
option. The kernel operations traced are
system calls, namei translations, signal processing and I/O.
Once tracing is enabled on a process, trace data will be logged until either the
process exits or the trace point is cleared. A traced process can generate
enormous amounts of log data quickly; it is strongly suggested that users
memorize how to disable tracing before attempting to trace a process. The
following command is sufficient to disable tracing on all user owned processes
and, if executed by root, all processes:
$ ktrace -C
The trace file is not human-readable; use
to decode it.
The options are as follows:
- Append to the trace file instead of recreating it.
- Set the
environment variable to specify that the dynamic linker should process
relocations immediately instead of as they are encountered. This
eliminates the resulting
- Disable tracing on all user owned processes and, if
executed by root, all processes in the system.
- Clear the trace points associated with the trace file or
any specified processes.
- Descendants; perform the operation for all current children
of the designated processes.
- Log trace records to
trfile instead of
- Enable (disable) tracing on all processes in the process
group (only one -g flag is permitted).
- Inherit; pass the trace flags to all future children of the
- Enable (disable) tracing on the indicated process ID (only
one -p flag is permitted).
- The string argument represents the kernel trace points, one
per letter. By default all trace points except for
X are enabled. The following table equates
the letters with the trace points:
- trace system calls
- trace I/O
- trace namei translations
- trace violation of
- trace signal processing
- trace various structures
- trace user data coming from
- trace argument vector in
- trace environment in
- trace the default points
- Execute command with the
specified trace flags.
options are mutually exclusive.
- default ktrace dump file
Trace all kernel operations of process ID 34:
$ ktrace -p 34
Trace all kernel operations of processes in process group 15 and pass the trace
flags to all current and future children:
$ ktrace -idg 15
Disable all tracing of process 65:
$ ktrace -cp 65
Disable tracing signals on process 70 and all current children:
$ ktrace -t s -cdp 70
Enable tracing of I/O on process 67:
$ ktrace -ti -p 67
Run the command w(1)
, tracing only
$ ktrace -tc w
Disable all tracing to the file "tracedata":
$ ktrace -c -f tracedata
Disable tracing of all processes owned by the user:
$ ktrace -C
command appeared in