Commands using strace (25)


  • 59
    strace -ff -e trace=write -e write=1,2 -p SOME_PID
    oernii2 · 2010-04-20 08:55:54 14
  • Can be run as a script `ftrace` if my_command is substrituted with "$@" It is useful when running a command that fails and you have the feeling it is accessing a file you are not aware of. Show Sample Output


    17
    strace -ff -e trace=file my_command 2>&1 | perl -ne 's/^[^"]+"(([^\\"]|\\[\\"nt])*)".*/$1/ && print'
    unixmonkey8046 · 2011-08-16 15:00:18 10
  • similar to the previous command, but with more friendly output (tested on linux)


    10
    strace -ff -e write=1,2 -s 1024 -p PID 2>&1 | grep "^ |" | cut -c11-60 | sed -e 's/ //g' | xxd -r -p
    systemj · 2010-04-23 16:22:17 5

  • 7
    sudo strace -pXXXX -e trace=file
    tolginho · 2009-12-01 15:27:48 7
  • Sometimes a program refuses to read a file and you're not sure why. You may have display_errors turned off for PHP or something. In this example, fopen('/var/www/test/foo.txt') was called but doesn't have read access to foo.txt. Strace can tell you what went wrong. E.g., if php doesn't have read access to the file, strace will say "EACCESS (Permission denied)". Or, if the file path you gave doesn't exist, strace will say "ENOENT (No such file or directory)", etc. This works for any program you can run from the command-line, e.g., strace python myapp.py -e open,access... Note: the above command uses php-cli, not mod_php, which is a different SAPI with diff configs, etc. Show Sample Output


    7
    strace php tias.php -e open,access 2>&1 | grep foo.txt
    rkulla · 2010-04-20 19:42:42 7
  • Last listed files presumably have higher precedency then files listed first, i.e. configuration files in the personal .config directory will be listed last and their config parameters will be more authoritative then default config parameters defined in /etc directory which are usually listed above them. If you replace ".conf" with ".ini" in the command, initial files will be listed instead of config files. If you do not like to list multiple access to the same config file, pipe to "uniq" or "uniq -c" to prefix lines by the number of occurrences Show Sample Output


    7
    strace 2>&1 <any_executable> |egrep -o "\".*\.conf\""
    knoppix5 · 2020-07-31 10:57:29 304
  • strace can be invaluable in trying to figure out what the heck some misbehaving program is doing. There are number of useful flags to limit and control its output, and to attach to already running programs. (See also 'ltrace'.) Show Sample Output


    5
    strace -f -s 512 -v ls -l
    mkc · 2009-02-06 02:45:33 22
  • It sits there in a loop waiting for a proccess from that user to spawn. When it does it will attach strace to it Show Sample Output


    4
    x=1; while [ $x = 1 ]; do process=`pgrep -u username`; if [ $process ]; then x=0; fi; done; strace -vvtf -s 256 -p $process
    dimentox · 2009-09-22 16:46:27 8
  • Traces the system calls of a program. See http://linuxhelp.blogspot.com/2006/05/strace-very-powerful-troubleshooting.html for more information.


    3
    strace <name of the program>
    eitland · 2009-08-31 20:42:50 10
  • Especially for sysadmins when they don't want to waste time to add -p flag on the N processes of a processname. In the old school, you did ; pgrep processname and typing strace -f -p 456 -p 678 -p 974... You can add -f argument to the function. That way, the function will deal with pgrep to match the command-line. Example : processname -f jrockit


    3
    straceprocessname(){ x=( $(pgrep "$@") ); [[ ${x[@]} ]] || return 1; strace -vf ${x[@]/#/-p }; }
    sputnick · 2009-12-03 00:04:39 9
  • Depending on the TERM, the terminfo version, ncurses version, etc.. you may be using a varied assortment of terminal escape codes. With this command you can easily find out exactly what is going on.. This is terminal escape zen! ( 2>&2 strace -f -F -e write -s 1000 sh -c 'echo -e "initc\nis2\ncnorm\nrmso\nsgr0" | tput -S' 2>&1 ) | grep -o '"\\[^"]*"' --color=always "\33]4;%p1%d;rgb:%p2%{255}%*%{1000}%/%2.2X/%p3%{255}%*%{1000}%/%2.2X/%p4%{255}%*%{1000}%/%2.2X\33\\\33[!p\33[?3;4l\33[4l\33>\33[?12l\33[?25h\33[27m\33(B\33[m" Lets say you want to find out what you need to echo in order to get the text to blink.. echo -e "`tput blink`This will blink`tput sgr0` This wont" Now you can use this function instead of calling tput (tput is much smarter for portable code because it works differently depending on the current TERM, and tput -T anyterm works too.) to turn that echo into a much faster executing code. tput queries files, opens files, etc.. but echo is very strait and narrow. So now you can do this: echo -e "\33[5mThis will blink\33(B\33[m This wont" More at http://www.askapache.com/linux-unix/bash_profile-functions-advanced-shell.html Show Sample Output


    3
    termtrace(){( strace -s 1000 -e write tput $@ 2>&2 2>&1 ) | grep -o '"[^"]*"';}
    AskApache · 2010-03-17 08:53:41 8
  • Useful to recover a output(stdout and stderr) "disown"ed or "nohup"ep process of other instance of ssh. With the others options the stdout / stderr is intercepted, but only the first n chars. This way we can recover ALL text of stdout or stderr Show Sample Output


    3
    strace -e write=1,2 -p $PID 2>&1 | sed -un "/^ |/p" | sed -ue "s/^.\{9\}\(.\{50\}\).\+/\1/g" -e 's/ //g' | xxd -r -p
    glaudiston · 2010-10-06 19:37:39 5
  • Will open strace on all apache process, on systems using sbin/apache (debian) or sbin/httpd (redhat), and will follow threads newly created.


    3
    ps auxw | grep -E 'sbin/(apache|httpd)' | awk '{print"-p " $2}' | xargs strace -F
    gormux · 2016-08-04 10:59:58 14
  • Locate config files of the program. May not be used for interactive programs like vim.


    1
    strace -e open zim 2>&1 1>/dev/null | fgrep ~ | fgrep -v "= -1" | cut -d'"' -f2
    unixmonkey17435 · 2011-01-31 22:46:51 5
  • This version also attaches to new processes forked by the parent apache process. That way you can trace all current and *future* apache processes.


    1
    ps auxw | grep sbin/apache | awk '{print"-p " $2}' | xargs strace -f
    msealand · 2013-02-19 19:14:57 5
  • Trace python statement execution and syscalls invoked during that simultaneously Show Sample Output


    1
    strace python -m trace --trace myprog.py | grep -v 'write(1,'
    roolebo · 2016-05-27 21:01:01 73

  • 0
    pidof httpd | sed 's/ / -p /g' | xargs strace -fp
    daniele · 2011-06-28 09:53:19 4

  • 0
    # strace ... | perl -lne '@F=split(/\\/, $_);for(@F){push @ddd, sprintf("%x", oct("0" . $_))}END{shift @ddd; print pack("H*", join("", @ddd));}'
    zwxajh · 2012-10-16 14:24:13 5
  • How to figure out what a program is doing. -tt detailed timestamps -f also strace any child processes -v be very verbose, even with common structures -o write output to file -s N capture up to N characters of strings, rather than abbreviating with ...


    0
    strace -ttvfo /tmp/logfile -s 1024 program
    ryanchapman · 2013-07-06 08:19:29 7
  • On debian parent process is running as root, workers as www-data. You can run strace in backgroud, get its PID, curl your webpage, kill strace and read your stats.


    0
    strace -c $(ps -u www-data o pid= | sed 's/^/-p/')
    brablc · 2015-11-25 08:10:52 11
  • Nginx (and other webservers like Apache) can be awkward to trace. They run as root, then switch to another user once they're ready to serve web pages. They also have a "master" process and multiple worker processes. The given command finds the process IDs of all Nginx processes, joins them together with a comma, then traces all of them at once with "sudo strace." System trace output can be overwhelming, so we only capture "networking" output. TIP: to kill this complex strace, do "sudo killall strace". Compare with a similar command: http://www.commandlinefu.com/commands/view/11918/easily-strace-all-your-apache-processes Show Sample Output


    0
    sudo strace -e trace=network -p `pidof nginx | sed -e 's/ /,/g'`
    shavenwarthog · 2016-01-28 18:48:16 12

  • 0
    strace -f -e trace=process [command]
    Raboo · 2016-07-12 12:27:56 11

  • 0
    strace -p "`pidof httpd`"
    weirdan · 2016-07-28 01:34:55 13

  • 0
    strace -c -p $(pidof -s mysqld) -f -e trace=all
    shantanuo · 2020-02-27 03:35:17 243

  • 0
    strace 2>&1 geany |grep geany.conf
    knoppix5 · 2020-04-20 19:42:39 109

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands


Check These Out

Benchmark SQL Query
Benchmark a SQL query against MySQL Server. The example runs the query 10 times, and you get the average runtime in the output. To ensure that the query does not get cached, use `RESET QUERY CACHE;` on top in the query file.

Which processes are listening on a specific port (e.g. port 80)
swap out "80" for your port of interest. Can use port number or named ports e.g. "http"

Typing the current date ( or any string ) via a shortcut as if the keys had been actually typed with the hardware keyboard in any application.
That works in all softs, CLI or GUI... I don't want to waste time to all the time typing the same stuff . So, I have that command in my window manager shortcuts ( meta+l ). All the window managers have editable shortcuts AFAIK. If not, or you don't want to use it that way, you can easily use the xbindkeys soft. I you're using kde4, you can run : $ systemsettings then open "inputs actions" and create a new shortcut. For Gnome take a look there : http://www.cyberciti.biz/faq/howto-create-keyboard-shortcuts-in-gnome/ A more advanced one, with strings and newlines : $ xvkbd -xsendevent -text "---8

add files to existing growable DVD using growisofs
replace "directory name with files to add to DVD" with actual directory containing files you want to add to growable DVD

Recurse through directories easily
This is a simple case of recursing through all directories, adding the '.bak' extension to every file. Of course, the 'cp $file $file.bak' could be any code you need to apply to your recursion, including tests, other functions, creating variables, doing math, etc. Simple and clean recursion.

Create passwords and store safely with gpg
Adjust the $ head -c part for password length. I use filenames like "hans@commandlinefu.com.gpg" and a vim which automatically decrypts files with .gpg suffixes.

Cut the first 'N' characters of a line
You can also cut charactes starting from X to N.

diff will usually only take one file from STDIN. This is a method to take the result of two streams and compare with diff. The example I use to compare two iTunes libraries but it is generally applicable.
diff is designed to compare two files. You can also compare directories. In this form, bash uses 'process substitution' in place of a file as an input to diff. Each input to diff can be filtered as you choose. I use find and egrep to select the files to compare.

tree by modify time with newest file at bottom
Go look at sample output first This is kind of like the ls command but displays by modify time with size, date and color. The newest files at the bottom of the screen (reverse using tac)

Use bash history with process substitution
Bash has a great history system of its commands accessed by the ! built-in history expansion operator (documented elsewhere on this site or on the web). You can combine the ! operator inside the process redirection


Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: