ktrace(1)	enable kernel process tracing
ktrace(2)	process tracing
ktrace, ktrgenio, ktrnamei, KTRPOINT, ktrpsig, ktrsyscall, ktrsysret(9)	process tracing kernel interface

NAME

ktrace — enable kernel process tracing

SYNOPSIS

ktrace [-aCcdi] [-f trfile] [-g pgid] [-p pid] [-t trstr]

ktrace [-aBdiT] [-f trfile] [-t trstr] command

DESCRIPTION

ktrace enables kernel trace logging for the specified processes. By default, kernel trace data is logged to the file ktrace.out, unless overridden by the -f option. The kernel operations traced are system calls, namei translations, signal processing and I/O.

Once tracing is enabled on a process, trace data will be logged until either the process exits or the trace point is cleared. A traced process can generate enormous amounts of log data quickly; it is strongly suggested that users memorize how to disable tracing before attempting to trace a process. The following command is sufficient to disable tracing on all user owned processes and, if executed by root, all processes:

$ ktrace -C

The trace file is not human-readable; use kdump(1) to decode it.

The options are as follows:

-a

Append to the trace file instead of recreating it.

-B

Set the LD_BIND_NOW environment variable to specify that the dynamic linker should process relocations immediately instead of as they are encountered. This eliminates the resulting ld.so(1) relocation sequences.

-C

Disable tracing on all user owned processes and, if executed by root, all processes in the system.

-c

Clear the trace points associated with the trace file or any specified processes.

-d

Descendants; perform the operation for all current children of the designated processes.

-f trfile

Log trace records to trfile instead of ktrace.out.

-g pgid

Enable (disable) tracing on all processes in the process group (only one -g flag is permitted).

-i

Inherit; pass the trace flags to all future children of the designated processes.

-p pid

Enable (disable) tracing on the indicated process ID (only one -p flag is permitted).

-T

Disable userland timekeeping, making time related system calls more prevalent.

-t trstr

Select which information to put into the dump file. The argument can contain one or more of the following letters. By default all trace points except for X are enabled.

c: trace system calls
i: trace I/O
n: trace namei translations
p: trace violation of pledge(2) restrictions
s: trace signal processing
t: trace various structures
u: trace user data coming from utrace(2)
x: trace argument vector in execve(2)
X: trace environment in execve(2)
+: trace the default points

command

Execute command with the specified trace flags.

The -p, -g, and command options are mutually exclusive.

FILES

ktrace.out: default ktrace dump file

EXAMPLES

Trace all kernel operations of process ID 34:

$ ktrace -p 34

Trace all kernel operations of processes in process group 15 and pass the trace flags to all current and future children:

$ ktrace -idg 15

Disable all tracing of process 65:

$ ktrace -cp 65

Disable tracing signals on process 70 and all current children:

$ ktrace -t s -cdp 70

Enable tracing of I/O on process 67:

$ ktrace -ti -p 67

Run the command w(1), tracing only system calls:

$ ktrace -tc w

Disable all tracing to the file "tracedata":

$ ktrace -c -f tracedata

Disable tracing of all processes owned by the user:

$ ktrace -C

HISTORY

The ktrace command appeared in 4.4BSD.

OpenBSD manual page server