NAME
ktrace
—
enable kernel process
tracing
SYNOPSIS
ktrace |
[-aBCcdi ] [-f
trfile] [-g
pgid] [-p
pid] [-t
trstr] |
ktrace |
[-adi ] [-f
trfile] [-t
trstr] command |
DESCRIPTION
ktrace
enables kernel trace logging for
the specified processes. By default, kernel trace data is logged to the file
ktrace.out, unless overridden by the
-f
option. The kernel operations traced are system
calls, namei translations, signal processing, I/O and emulation changes.
Once tracing is enabled on a process, trace data will be logged until either the process exits or the trace point is cleared. A traced process can generate enormous amounts of log data quickly; it is strongly suggested that users memorize how to disable tracing before attempting to trace a process. The following command is sufficient to disable tracing on all user owned processes and, if executed by root, all processes:
$ ktrace -C
The trace file is not human-readable; use kdump(1) to decode it.
The options are as follows:
-a
- Append to the trace file instead of recreating it.
-B
- Set the
LD_BIND_NOW
environment variable to specify that the dynamic linker should process relocations immediately instead of as they are encountered. This eliminates the resulting ld.so(1) relocation sequences. -C
- Disable tracing on all user owned processes and, if executed by root, all processes in the system.
-c
- Clear the trace points associated with the trace file or any specified processes.
-d
- Descendants; perform the operation for all current children of the designated processes.
-f
trfile- Log trace records to trfile instead of ktrace.out.
-g
pgid- Enable (disable) tracing on all processes in the process group (only one
-g
flag is permitted). -i
- Inherit; pass the trace flags to all future children of the designated processes.
-p
pid- Enable (disable) tracing on the indicated process ID (only one
-p
flag is permitted). -t
trstr- The string argument represents the kernel trace points, one per letter.
The default flags are
c
,e
,i
,n
,s
,t
, andu
. The following table equates the letters with the tracepoints: - command
- Execute command with the specified trace flags.
The -p
, -g
, and
command options are mutually exclusive.
FILES
- ktrace.out
- default ktrace dump file
EXAMPLES
Trace all kernel operations of process ID 34:
$ ktrace -p 34
Trace all kernel operations of processes in process group 15 and pass the trace flags to all current and future children:
$ ktrace -idg 15
Disable all tracing of process 65:
$ ktrace -cp 65
Disable tracing signals on process 70 and all current children:
$ ktrace -t s -cdp 70
Enable tracing of I/O on process 67:
$ ktrace -ti -p 67
Run the command w(1), tracing only system calls:
$ ktrace -tc w
Disable all tracing to the file "tracedata":
$ ktrace -c -f tracedata
Disable tracing of all processes owned by the user:
$ ktrace -C
SEE ALSO
HISTORY
The ktrace
command appeared in
4.4BSD.