Commands tagged strace sorted by votes

Commands tagged strace (19)

sorted by

intercept stdout/stderr of another process
This is sample output - yours may be different.
59

strace -ff -e trace=write -e write=1,2 -p SOME_PID

oernii2 · 2010-04-20 08:55:54 11
List files accessed by a command

Can be run as a script `ftrace` if my_command is substrituted with "$@" It is useful when running a command that fails and you have the feeling it is accessing a file you are not aware of. Show Sample Output
This is sample output - yours may be different.
```
$ strace -ff -e trace=file chmod 755 ~/bin/ftrace 2>&1 | perl -ne 's/^[^"]+"(([^\\"]|\\[\\"nt])*)".*/$1/ && print'
/bin/chmod
/etc/ld.so.nohwcap
/etc/ld.so.preload
/etc/ld.so.cache
/etc/ld.so.nohwcap
/lib/x86_64-linux-gnu/libc.so.6
/usr/lib/locale/locale-archive
/home/tange/bin/ftrace
/home/tange/bin/ftrace
```
17

strace -ff -e trace=file my_command 2>&1 | perl -ne 's/^[^"]+"(([^\\"]|\\[\\"nt])*)".*/$1/ && print'

unixmonkey8046 · 2011-08-16 15:00:18 9
intercept stdout/stderr of another process

similar to the previous command, but with more friendly output (tested on linux)
This is sample output - yours may be different.
10

strace -ff -e write=1,2 -s 1024 -p PID 2>&1 | grep "^ |" | cut -c11-60 | sed -e 's/ //g' | xxd -r -p

systemj · 2010-04-23 16:22:17 4
See why a program can't seem to access a file

Sometimes a program refuses to read a file and you're not sure why. You may have display_errors turned off for PHP or something. In this example, fopen('/var/www/test/foo.txt') was called but doesn't have read access to foo.txt. Strace can tell you what went wrong. E.g., if php doesn't have read access to the file, strace will say "EACCESS (Permission denied)". Or, if the file path you gave doesn't exist, strace will say "ENOENT (No such file or directory)", etc. This works for any program you can run from the command-line, e.g., strace python myapp.py -e open,access... Note: the above command uses php-cli, not mod_php, which is a different SAPI with diff configs, etc. Show Sample Output
This is sample output - yours may be different.
```
open("/var/www/test/filename.txt", O_RDONLY|O_LARGEFILE) = -1 EACCES (Permission denied)
```
7

strace php tias.php -e open,access 2>&1 | grep foo.txt

rkulla · 2010-04-20 19:42:42 6
Strace all signals processes based on a name ( The processes already started... ) with bash built-in

Especially for sysadmins when they don't want to waste time to add -p flag on the N processes of a processname. In the old school, you did ; pgrep processname and typing strace -f -p 456 -p 678 -p 974... You can add -f argument to the function. That way, the function will deal with pgrep to match the command-line. Example : processname -f jrockit
This is sample output - yours may be different.
3

straceprocessname(){ x=( $(pgrep "$@") ); [[ ${x[@]} ]] || return 1; strace -vf ${x[@]/#/-p }; }

sputnick · 2009-12-03 00:04:39 8

Terminal Escape Code Zen - Strace and Tput

Depending on the TERM, the terminfo version, ncurses version, etc.. you may be using a varied assortment of terminal escape codes. With this command you can easily find out exactly what is going on.. This is terminal escape zen! ( 2>&2 strace -f -F -e write -s 1000 sh -c 'echo -e "initc\nis2\ncnorm\nrmso\nsgr0" | tput -S' 2>&1 ) | grep -o '"\\[^"]*"' --color=always "\33]4;%p1%d;rgb:%p2%{255}%*%{1000}%/%2.2X/%p3%{255}%*%{1000}%/%2.2X/%p4%{255}%*%{1000}%/%2.2X\33\\\33[!p\33[?3;4l\33[4l\33>\33[?12l\33[?25h\33[27m\33(B\33[m" Lets say you want to find out what you need to echo in order to get the text to blink.. echo -e "`tput blink`This will blink`tput sgr0` This wont" Now you can use this function instead of calling tput (tput is much smarter for portable code because it works differently depending on the current TERM, and tput -T anyterm works too.) to turn that echo into a much faster executing code. tput queries files, opens files, etc.. but echo is very strait and narrow. So now you can do this: echo -e "\33[5mThis will blink\33(B\33[m This wont" More at http://www.askapache.com/linux-unix/bash_profile-functions-advanced-shell.html Show Sample Output

This is sample output - yours may be different.

$ for cap in `infocmp -1q|sed 's/ *//g'|grep -v '#\||' |cut -d= -f1|tr "\n" ' '`; do echo "$cap: `termtrace $cap 5`"; done
bel: "\7"
blink: "\33[5m"
bold: "\33[1m"
cbt: "\33[Z"
civis: "\33[?25l"
clear: "\33[H\33[2J"
cnorm: "\33[?12l\33[?25h"
cr: "\r"
csr: "\33[6;1r"
cub: "\33[5D"
cub1: "\10"
cud: "\33[5B"
cud1: "\n"
cuf: "\33[5C"
cuf1: "\33[C"
cup: "\33[6;1H"
cuu: "\33[5A"
cuu1: "\33[A"
cvvis: "\33[?12;25h"
dch: "\33[5P"
dch1: "\33[P"
dl: "\33[5M"
dl1: "\33[M"
ech: "\33[5X"
ed: "\33[J"
el: "\33[K"
el1: "\33[1K"
flash: "\33[?5h"
"\33[?5l"
home: "\33[H"
hpa: "\33[6G"
ht: "\t"
hts: "\33H"
ich: "\33[5@"
il: "\33[5L"
il1: "\33[L"
ind: "\n"
indn: "\33[5S"
initc: "\33]4;5;rgb:00/00/00\33\\"
invis: "\33[8m"
is2: "\33[!p\33[?3;4l\33[4l\33>"
kDC: "\33[3;2~"
kEND: "\33[1;2F"
kHOM: "\33[1;2H"
kIC: "\33[2;2~"
kLFT: "\33[1;2D"
kNXT: "\33[6;2~"
kPRV: "\33[5;2~"
kRIT: "\33[1;2C"
kb2: "\33OE"
kbs: "\177"
kcbt: "\33[Z"
kcub1: "\33OD"
kcud1: "\33OB"
kcuf1: "\33OC"
kcuu1: "\33OA"
kdch1: "\33[3~"
kend: "\33OF"
kent: "\33OM"
kf1: "\33OP"
kf10: "\33[21~"
kf11: "\33[23~"
kf12: "\33[24~"
kf13: "\33O2P"
kf14: "\33O2Q"
kf15: "\33O2R"
kf16: "\33O2S"
kf17: "\33[15;2~"
kf18: "\33[17;2~"
kf19: "\33[18;2~"
kf2: "\33OQ"
kf20: "\33[19;2~"
kf21: "\33[20;2~"
kf22: "\33[21;2~"
kf23: "\33[23;2~"
kf24: "\33[24;2~"
kf25: "\33O5P"
kf26: "\33O5Q"
kf27: "\33O5R"
kf28: "\33O5S"
kf29: "\33[15;5~"
kf3: "\33OR"
kf30: "\33[17;5~"
kf31: "\33[18;5~"
kf32: "\33[19;5~"
kf33: "\33[20;5~"
kf34: "\33[21;5~"
kf35: "\33[23;5~"
kf36: "\33[24;5~"
kf37: "\33O6P"
kf38: "\33O6Q"
kf39: "\33O6R"
kf4: "\33OS"
kf40: "\33O6S"
kf41: "\33[15;6~"
kf42: "\33[17;6~"
kf43: "\33[18;6~"
kf44: "\33[19;6~"
kf45: "\33[20;6~"
kf46: "\33[21;6~"
kf47: "\33[23;6~"
kf48: "\33[24;6~"
kf49: "\33O3P"
kf5: "\33[15~"
kf50: "\33O3Q"
kf51: "\33O3R"
kf52: "\33O3S"
kf53: "\33[15;3~"
kf54: "\33[17;3~"
kf55: "\33[18;3~"
kf56: "\33[19;3~"
kf57: "\33[20;3~"
kf58: "\33[21;3~"
kf59: "\33[23;3~"
kf6: "\33[17~"
kf60: "\33[24;3~"
kf61: "\33O4P"
kf62: "\33O4Q"
kf63: "\33O4R"
kf7: "\33[18~"
kf8: "\33[19~"
kf9: "\33[20~"
khome: "\33OH"
kich1: "\33[2~"
kind: "\33[1;2B"
kmous: "\33[M"
knp: "\33[6~"
kpp: "\33[5~"
kri: "\33[1;2A"
mc0: "\33[i"
mc4: "\33[4i"
mc5: "\33[5i"
meml: "\33l"
memu: "\33m"
op: "\33[39;49m"
rc: "\0338"
rev: "\33[7m"
ri: "\33M"
rin: "\33[5T"
rmacs: "\33(B"
rmam: "\33[?7l"
rmcup: "\33[?1049l"
rmir: "\33[4l"
rmkx: "\33[?1l\33>"
rmso: "\33[27m"
rmul: "\33[24m"
rs1: "\33c"
rs2: "\33[!p\33[?3;4l\33[4l\33>"
sc: "\0337"
setab: "\33[45m"
setaf: "\33[35m"
sgr0: "\33(B\33[m"
smacs: "\33(0"
smam: "\33[?7h"
smcup: "\33[?1049h"
smir: "\33[4h"
smkx: "\33[?1h\33="
smso: "\33[7m"
smul: "\33[4m"
tbc: "\33[3g"
u6: "\33[5;0R"
u7: "\33[6n"
u8: "\33[?1;2c"
u9: "\33[c"
vpa: "\33[6d"

termtrace(){( strace -s 1000 -e write tput $@ 2>&2 2>&1 ) | grep -o '"[^"]*"';}

AskApache · 2010-03-17 08:53:41 7

intercept stdout/stderr of another process or disowned process

Useful to recover a output(stdout and stderr) "disown"ed or "nohup"ep process of other instance of ssh. With the others options the stdout / stderr is intercepted, but only the first n chars. This way we can recover ALL text of stdout or stderr Show Sample Output
This is sample output - yours may be different.
```
{ i=0; while sleep 1; do echo -e "writing a long line to stdout 1 [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] 2 [BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB] 3 [CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC] \nline2 == var i=$((i++))";done; } > /dev/null & PID=$!
```
3

strace -e write=1,2 -p $PID 2>&1 | sed -un "/^ |/p" | sed -ue "s/^.\{9\}$.\{50\}$.\+/\1/g" -e 's/ //g' | xxd -r -p

glaudiston · 2010-10-06 19:37:39 4
easily strace all your apache *child* processes

Like the original version except it does not include the parent apache process or the grep process and adds "sudo" so it can be run by user.
This is sample output - yours may be different.
3

ps h --ppid $(cat /var/run/apache2.pid) | awk '{print"-p " $1}' | xargs sudo strace

colinmollenhour · 2012-03-21 01:59:41 3
easily strace all your apache processes

Will open strace on all apache process, on systems using sbin/apache (debian) or sbin/httpd (redhat), and will follow threads newly created.
This is sample output - yours may be different.
3

ps auxw | grep -E 'sbin/(apache|httpd)' | awk '{print"-p " $2}' | xargs strace -F

gormux · 2016-08-04 10:59:58 14
strace like SystemTap script

The stap script is : #! /usr/bin/env stap probe syscall.* { if (pid() == target()) printf("%s %s\n", name, argstr); } Show Sample Output
This is sample output - yours may be different.
```
using stap it is possible to circumvent anti-ptrace protections inside binaries.
```
2

stap -v strace.stp -c /path/to/command

gerard · 2011-10-07 08:27:57 18
See what apache is doing without restarting it in debug mode
This is sample output - yours may be different.
0

pidof httpd | sed 's/ / -p /g' | xargs strace -fp

daniele · 2011-06-28 09:53:19 3
strace alternative for Mac OS X

Usefull tool for debug process. Show Sample Output
This is sample output - yours may be different.
```
	PID/THRD  RELATIVE  ELAPSD    CPU SYSCALL(args) 		 = return
18831/0x151a01:   7205192     331      4 read(0x4, "a\0", 0x4000)		 = 1 0
18831/0x151a01:   7205215      14      4 select(0x7, 0x100115850, 0x100118FC0, 0x0, 0x0)		 = 1 0
```
0

dtruss [ -p <pid> | -n <pname> ]

Zulu · 2013-02-22 11:09:55 5
strace a program

How to figure out what a program is doing. -tt detailed timestamps -f also strace any child processes -v be very verbose, even with common structures -o write output to file -s N capture up to N characters of strings, rather than abbreviating with ...
This is sample output - yours may be different.
0

strace -ttvfo /tmp/logfile -s 1024 program

ryanchapman · 2013-07-06 08:19:29 6
easily strace all your apache processes
This is sample output - yours may be different.
0

pgrep -f /usr/sbin/httpd | awk '{print"-p " $1}' | xargs strace

savagemike · 2015-06-10 22:55:35 12
easily strace all your apache *child* processes

On debian parent process is running as root, workers as www-data. You can run strace in backgroud, get its PID, curl your webpage, kill strace and read your stats.
This is sample output - yours may be different.
0

strace -c $(ps -u www-data o pid= | sed 's/^/-p/')

brablc · 2015-11-25 08:10:52 11
easily trace all Nginx processes

Nginx (and other webservers like Apache) can be awkward to trace. They run as root, then switch to another user once they're ready to serve web pages. They also have a "master" process and multiple worker processes. The given command finds the process IDs of all Nginx processes, joins them together with a comma, then traces all of them at once with "sudo strace." System trace output can be overwhelming, so we only capture "networking" output. TIP: to kill this complex strace, do "sudo killall strace". Compare with a similar command: http://www.commandlinefu.com/commands/view/11918/easily-strace-all-your-apache-processes Show Sample Output
This is sample output - yours may be different.
```
# grab an Nginx web page:
#     curl -so /dev/null localhost

[pid  1145] accept4(6, {sa_family=AF_INET, sin_port=htons(57358), sin_addr=inet_addr("127.0.0.1")}, [16], SOCK_NONBLOCK) = 10
[pid  1145] recvfrom(10, "GET / HTTP/1.1\r\nUser-Agent: curl"..., 1024, 0, NULL, NULL) = 73
[pid  1145] setsockopt(10, SOL_TCP, TCP_CORK, [1], 4) = 0
[pid  1145] sendfile(10, 11, [0], 612)  = 612
[pid  1145] setsockopt(10, SOL_TCP, TCP_CORK, [0], 4) = 0
[pid  1145] recvfrom(10, 0xa7e1c0, 1024, 0, 0, 0) = -1 EAGAIN (Resource temporarily unavailable)
[pid  1145] recvfrom(10, "", 1024, 0, NULL, NULL) = 0
```
0

sudo strace -e trace=network -p `pidof nginx | sed -e 's/ /,/g'`

shavenwarthog · 2016-01-28 18:48:16 12
easily strace all your apache processes
This is sample output - yours may be different.
0

strace -p "`pidof httpd`"

weirdan · 2016-07-28 01:34:55 13
easily strace all your apache processes

No need for grep or xargs
This is sample output - yours may be different.
0

ps auxw | awk '/(apache|httpd)/{print"strace -F -p " $2}' | sh

AdvancedThreat · 2017-11-26 17:34:41 20
easily strace all your apache processes
This is sample output - yours may be different.
-1

ps -C apache o pid= | sed 's/^/-p /' | xargs strace

depesz · 2011-03-15 08:46:33 3

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands

Check These Out

Save your terminal commands in bash history in real time

Use this command if you want your terminal commands be saved in your history file in real time instead of waiting until the terminal is closed

Reset terminal that has been buggered by binary input or similar

Check for Firewall Blockage.

This is just one method of checking to see if an IP is blocked via IP tables or CSF. Simple and to the point. Replace xx.xx.xx.xx with the IP you wish to check.

List all authors of a particular git project

This should work even if the output format changes.

list all file extensions in a directory

Just a little simplification.

Find status of all symlinks

The symlinks command can show status of all symbolic links, including which links are dangling, which symlinks point to files on other file systems, which symlinks use ../ more than necessary, which symlinks are messy (e.g. having too many slashes or dots), etc. Other useful things it can do include removing all dangling links (-d) and converting absolute links to relative links (-c). The path given must be an absolute path (which is why I used $(pwd) in the example command).

Get the Volume labels all bitlocker volumes had before being encrypted

Get information of volume labels of bitlocker volumes, even if they are encrypted and locked (no access to filesystem, no password provided). Note that the volume labels can have spaces, but only if you name then before encryption. Renaming a bitlocker partition after being encrypted does not have the same effect as doing it before.

Randomize lines in a file

Works in sort (GNU coreutils) 7.4, don't know when it was implemented but sometime the last 6 years.

show all key and mouse events

for mousevents, move the mouse over the window and click/move etc. usefull for getting mouseKeys, or keyKeys. also usefull for checking if X gets those mouse-events.

Check a directory of PNG files for errors

Useful for checking if a large number of PNG files was downloaded successfully by verifying the built-in CRC checksum. For incomplete files, the command will print: "00002309.png EOF while reading IDAT data ERROR: 00002309.png" The process is very fast; checking 21,000 files of 5MB in size took only five minutes on a 2011 Intel mobile dual-core.

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:

» all commands
» commands with 3 up-votes (commandlinefu3)
» commands with 10 up-votes (commandlinefu10)
» commands tagged strace

Commands tagged strace (19) the last day the last week the last month all time sorted by date votes

What's this?

Check These Out

Stay in the loop…

Commands tagged strace (19)

sorted by