OpenBSD manual page server

Manual Page Search Parameters
KTRACE(1) General Commands Manual KTRACE(1)

ktraceenable kernel process tracing

ktrace [-aCcdi] [-f trfile] [-g pgid] [-p pid] [-t trstr]

ktrace [-aBdiT] [-f trfile] [-t trstr] command

ktrace enables kernel trace logging for the specified processes. By default, kernel trace data is logged to the file ktrace.out, unless overridden by the -f option. The kernel operations traced are system calls, namei translations, signal processing and I/O.

Once tracing is enabled on a process, trace data will be logged until either the process exits or the trace point is cleared. A traced process can generate enormous amounts of log data quickly; it is strongly suggested that users memorize how to disable tracing before attempting to trace a process. The following command is sufficient to disable tracing on all user owned processes and, if executed by root, all processes:

$ ktrace -C

The trace file is not human-readable; use kdump(1) to decode it.

The options are as follows:

Append to the trace file instead of recreating it.
Set the LD_BIND_NOW environment variable to specify that the dynamic linker should process relocations immediately instead of as they are encountered. This eliminates the resulting ld.so(1) relocation sequences.
Disable tracing on all user owned processes and, if executed by root, all processes in the system.
Clear the trace points associated with the trace file or any specified processes.
Descendants; perform the operation for all current children of the designated processes.
trfile
Log trace records to trfile instead of ktrace.out.
pgid
Enable (disable) tracing on all processes in the process group (only one -g flag is permitted).
Inherit; pass the trace flags to all future children of the designated processes.
pid
Enable (disable) tracing on the indicated process ID (only one -p flag is permitted).
Disable userland timekeeping, making time related system calls more prevalent.
trstr
Select which information to put into the dump file. The argument can contain one or more of the following letters. By default all trace points except for X are enabled.

trace system calls
trace I/O
trace namei translations
trace violation of pledge(2) restrictions
trace signal processing
trace various structures
trace user data coming from utrace(2)
trace argument vector in execve(2)
trace environment in execve(2)
trace the default points
command
Execute command with the specified trace flags.

The -p, -g, and command options are mutually exclusive.

ktrace.out
default ktrace dump file

Trace all kernel operations of process ID 34:

$ ktrace -p 34

Trace all kernel operations of processes in process group 15 and pass the trace flags to all current and future children:

$ ktrace -idg 15

Disable all tracing of process 65:

$ ktrace -cp 65

Disable tracing signals on process 70 and all current children:

$ ktrace -t s -cdp 70

Enable tracing of I/O on process 67:

$ ktrace -ti -p 67

Run the command w(1), tracing only system calls:

$ ktrace -tc w

Disable all tracing to the file "tracedata":

$ ktrace -c -f tracedata

Disable tracing of all processes owned by the user:

$ ktrace -C

kdump(1), ktrace(2), utrace(2)

The ktrace command appeared in 4.4BSD.

July 16, 2020 OpenBSD-7.1