Commands tagged strace (19)

  • intercept stdout/stderr of another process


    59
    strace -ff -e trace=write -e write=1,2 -p SOME_PID
    oernii2 · 2010-04-20 08:55:54 11
  • List files accessed by a command

    Can be run as a script `ftrace` if my_command is substrituted with "$@" It is useful when running a command that fails and you have the feeling it is accessing a file you are not aware of. Show Sample Output


    17
    strace -ff -e trace=file my_command 2>&1 | perl -ne 's/^[^"]+"(([^\\"]|\\[\\"nt])*)".*/$1/ && print'
    unixmonkey8046 · 2011-08-16 15:00:18 9
  • intercept stdout/stderr of another process

    similar to the previous command, but with more friendly output (tested on linux)


    10
    strace -ff -e write=1,2 -s 1024 -p PID 2>&1 | grep "^ |" | cut -c11-60 | sed -e 's/ //g' | xxd -r -p
    systemj · 2010-04-23 16:22:17 4
  • See why a program can't seem to access a file

    Sometimes a program refuses to read a file and you're not sure why. You may have display_errors turned off for PHP or something. In this example, fopen('/var/www/test/foo.txt') was called but doesn't have read access to foo.txt. Strace can tell you what went wrong. E.g., if php doesn't have read access to the file, strace will say "EACCESS (Permission denied)". Or, if the file path you gave doesn't exist, strace will say "ENOENT (No such file or directory)", etc. This works for any program you can run from the command-line, e.g., strace python myapp.py -e open,access... Note: the above command uses php-cli, not mod_php, which is a different SAPI with diff configs, etc. Show Sample Output


    7
    strace php tias.php -e open,access 2>&1 | grep foo.txt
    rkulla · 2010-04-20 19:42:42 6
  • Strace all signals processes based on a name ( The processes already started... ) with bash built-in

    Especially for sysadmins when they don't want to waste time to add -p flag on the N processes of a processname. In the old school, you did ; pgrep processname and typing strace -f -p 456 -p 678 -p 974... You can add -f argument to the function. That way, the function will deal with pgrep to match the command-line. Example : processname -f jrockit


    3
    straceprocessname(){ x=( $(pgrep "$@") ); [[ ${x[@]} ]] || return 1; strace -vf ${x[@]/#/-p }; }
    sputnick · 2009-12-03 00:04:39 8
  • Terminal Escape Code Zen - Strace and Tput

    Depending on the TERM, the terminfo version, ncurses version, etc.. you may be using a varied assortment of terminal escape codes. With this command you can easily find out exactly what is going on.. This is terminal escape zen! ( 2>&2 strace -f -F -e write -s 1000 sh -c 'echo -e "initc\nis2\ncnorm\nrmso\nsgr0" | tput -S' 2>&1 ) | grep -o '"\\[^"]*"' --color=always "\33]4;%p1%d;rgb:%p2%{255}%*%{1000}%/%2.2X/%p3%{255}%*%{1000}%/%2.2X/%p4%{255}%*%{1000}%/%2.2X\33\\\33[!p\33[?3;4l\33[4l\33>\33[?12l\33[?25h\33[27m\33(B\33[m" Lets say you want to find out what you need to echo in order to get the text to blink.. echo -e "`tput blink`This will blink`tput sgr0` This wont" Now you can use this function instead of calling tput (tput is much smarter for portable code because it works differently depending on the current TERM, and tput -T anyterm works too.) to turn that echo into a much faster executing code. tput queries files, opens files, etc.. but echo is very strait and narrow. So now you can do this: echo -e "\33[5mThis will blink\33(B\33[m This wont" More at http://www.askapache.com/linux-unix/bash_profile-functions-advanced-shell.html Show Sample Output


    3
    termtrace(){( strace -s 1000 -e write tput $@ 2>&2 2>&1 ) | grep -o '"[^"]*"';}
    AskApache · 2010-03-17 08:53:41 7
  • intercept stdout/stderr of another process or disowned process

    Useful to recover a output(stdout and stderr) "disown"ed or "nohup"ep process of other instance of ssh. With the others options the stdout / stderr is intercepted, but only the first n chars. This way we can recover ALL text of stdout or stderr Show Sample Output


    3
    strace -e write=1,2 -p $PID 2>&1 | sed -un "/^ |/p" | sed -ue "s/^.\{9\}\(.\{50\}\).\+/\1/g" -e 's/ //g' | xxd -r -p
    glaudiston · 2010-10-06 19:37:39 4
  • easily strace all your apache *child* processes

    Like the original version except it does not include the parent apache process or the grep process and adds "sudo" so it can be run by user.


    3
    ps h --ppid $(cat /var/run/apache2.pid) | awk '{print"-p " $1}' | xargs sudo strace
    colinmollenhour · 2012-03-21 01:59:41 3
  • easily strace all your apache processes

    Will open strace on all apache process, on systems using sbin/apache (debian) or sbin/httpd (redhat), and will follow threads newly created.


    3
    ps auxw | grep -E 'sbin/(apache|httpd)' | awk '{print"-p " $2}' | xargs strace -F
    gormux · 2016-08-04 10:59:58 14
  • strace like SystemTap script

    The stap script is : #! /usr/bin/env stap probe syscall.* { if (pid() == target()) printf("%s %s\n", name, argstr); } Show Sample Output


    2
    stap -v strace.stp -c /path/to/command
    gerard · 2011-10-07 08:27:57 18
  • See what apache is doing without restarting it in debug mode


    0
    pidof httpd | sed 's/ / -p /g' | xargs strace -fp
    daniele · 2011-06-28 09:53:19 3
  • strace alternative for Mac OS X

    Usefull tool for debug process. Show Sample Output


    0
    dtruss [ -p <pid> | -n <pname> ]
    Zulu · 2013-02-22 11:09:55 5
  • strace a program

    How to figure out what a program is doing. -tt detailed timestamps -f also strace any child processes -v be very verbose, even with common structures -o write output to file -s N capture up to N characters of strings, rather than abbreviating with ...


    0
    strace -ttvfo /tmp/logfile -s 1024 program
    ryanchapman · 2013-07-06 08:19:29 6
  • easily strace all your apache processes


    0
    pgrep -f /usr/sbin/httpd | awk '{print"-p " $1}' | xargs strace
    savagemike · 2015-06-10 22:55:35 12
  • easily strace all your apache *child* processes

    On debian parent process is running as root, workers as www-data. You can run strace in backgroud, get its PID, curl your webpage, kill strace and read your stats.


    0
    strace -c $(ps -u www-data o pid= | sed 's/^/-p/')
    brablc · 2015-11-25 08:10:52 11
  • easily trace all Nginx processes

    Nginx (and other webservers like Apache) can be awkward to trace. They run as root, then switch to another user once they're ready to serve web pages. They also have a "master" process and multiple worker processes. The given command finds the process IDs of all Nginx processes, joins them together with a comma, then traces all of them at once with "sudo strace." System trace output can be overwhelming, so we only capture "networking" output. TIP: to kill this complex strace, do "sudo killall strace". Compare with a similar command: http://www.commandlinefu.com/commands/view/11918/easily-strace-all-your-apache-processes Show Sample Output


    0
    sudo strace -e trace=network -p `pidof nginx | sed -e 's/ /,/g'`
    shavenwarthog · 2016-01-28 18:48:16 12
  • easily strace all your apache processes


    0
    strace -p "`pidof httpd`"
    weirdan · 2016-07-28 01:34:55 13
  • easily strace all your apache processes

    No need for grep or xargs


    0
    ps auxw | awk '/(apache|httpd)/{print"strace -F -p " $2}' | sh
    AdvancedThreat · 2017-11-26 17:34:41 20
  • easily strace all your apache processes


    -1
    ps -C apache o pid= | sed 's/^/-p /' | xargs strace
    depesz · 2011-03-15 08:46:33 3

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands

Check These Out

Look for English words in /dev/urandom
* to get the English dictionary: wget http://www.mavi1.org/web_security/wordlists/webster-dictionary.txt

Make Kali Linux look less suspicious by making the desktop look more like a windows machine
To revert back to Kali's original desktop. Just redo the same command with no options .

HTTP GET request on wireshark remotly

edit hex mode in vim
return to normal mode from hex mode :%!xxd -r

Check if it's your binary birthday!
Print out your age in days in binary. Today's my binary birthday, I'm 2^14 days old :-) . This command does bash arithmatic $(( )) on two dates: Today: $(date +%s) Date of birth: $(date +%s -d YYYY-MM-DD) The dates are expressed as the number of seconds since the Unix epoch (Jan 1970), so we devide the difference by 86400 (seconds per day). . Finally we pipe "obase=2; DAYS-OLD" into bc to convert to binary. (obase == output base)

diff the same file in two directories.
This is useful when you're diffing two files of the same name in radically different directory trees. For example: Set $ path1='/some/long/convoluted/path/to/all/of/your/source/from/a/long/dead/machine' then $ path2='/local/version/of/same/file' then run the command. Much easier on the eyes when you're looking back across your command history, especially if you're doing the same diff over and over again.

Belgian banking "structured communication"
Derived from current time down to minutes.

List detailed information about a ZIP archive
list zipfile info in long Unix ``ls -l'' format.

draw line separator (using knoppix5 idea)

Convert CSV to JSON
Replace 'csv_file.csv' with your filename.

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: