enable kernel process
ktrace enables kernel trace logging for
the specified processes. By default, kernel trace data is logged to the file
ktrace.out, unless overridden by the
-f option. The kernel operations traced are system
calls, namei translations, signal processing, I/O and emulation changes.
Once tracing is enabled on a process, trace data will be logged until either the process exits or the trace point is cleared. A traced process can generate enormous amounts of log data quickly; it is strongly suggested that users memorize how to disable tracing before attempting to trace a process. The following command is sufficient to disable tracing on all user owned processes and, if executed by root, all processes:
$ ktrace -C
The trace file is not human-readable; use kdump(1) to decode it.
The options are as follows:
- Append to the trace file instead of recreating it.
- Set the
LD_BIND_NOWenvironment variable to specify that the dynamic linker should process relocations immediately instead of as they are encountered. This eliminates the resulting ld.so(1) relocation sequences.
- Disable tracing on all user owned processes and, if executed by root, all processes in the system.
- Clear the trace points associated with the trace file or any specified processes.
- Descendants; perform the operation for all current children of the designated processes.
- Log trace records to trfile instead of ktrace.out.
- Enable (disable) tracing on all processes in the process group (only one
-gflag is permitted).
- Inherit; pass the trace flags to all future children of the designated processes.
- Enable (disable) tracing on the indicated process ID (only one
-pflag is permitted).
- The string argument represents the kernel trace points, one per letter.
The default flags are
u. The following table equates the letters with the tracepoints:
- Execute command with the specified trace flags.
command options are mutually exclusive.
- default ktrace dump file
Trace all kernel operations of process ID 34:
$ ktrace -p 34
Trace all kernel operations of processes in process group 15 and pass the trace flags to all current and future children:
$ ktrace -idg 15
Disable all tracing of process 65:
$ ktrace -cp 65
Disable tracing signals on process 70 and all current children:
$ ktrace -t s -cdp 70
Enable tracing of I/O on process 67:
$ ktrace -ti -p 67
Run the command w(1), tracing only system calls:
$ ktrace -tc w
Disable all tracing to the file "tracedata":
$ ktrace -c -f tracedata
Disable tracing of all processes owned by the user:
$ ktrace -C
kdump(1), ktrace(2), utrace(2)
ktrace command appeared in