Commands using strace (22)

  • Will open strace on all apache process, on systems using sbin/apache (debian) or sbin/httpd (redhat), and will follow threads newly created.

    ps auxw | grep -E 'sbin/(apache|httpd)' | awk '{print"-p " $2}' | xargs strace -F
    gormux · 2016-08-04 10:59:58 0

  • 0
    strace -p "`pidof httpd`"
    weirdan · 2016-07-28 01:34:55 0

  • 0
    strace -f -e trace=process [command]
    Raboo · 2016-07-12 12:27:56 0
  • Trace python statement execution and syscalls invoked during that simultaneously Show Sample Output

    strace python -m trace --trace | grep -v 'write(1,'
    roolebo · 2016-05-27 21:01:01 0
  • Nginx (and other webservers like Apache) can be awkward to trace. They run as root, then switch to another user once they're ready to serve web pages. They also have a "master" process and multiple worker processes. The given command finds the process IDs of all Nginx processes, joins them together with a comma, then traces all of them at once with "sudo strace." System trace output can be overwhelming, so we only capture "networking" output. TIP: to kill this complex strace, do "sudo killall strace". Compare with a similar command: Show Sample Output

    sudo strace -e trace=network -p `pidof nginx | sed -e 's/ /,/g'`
    shavenwarthog · 2016-01-28 18:48:16 0
  • On debian parent process is running as root, workers as www-data. You can run strace in backgroud, get its PID, curl your webpage, kill strace and read your stats.

    strace -c $(ps -u www-data o pid= | sed 's/^/-p/')
    brablc · 2015-11-25 08:10:52 0
  • How to figure out what a program is doing. -tt detailed timestamps -f also strace any child processes -v be very verbose, even with common structures -o write output to file -s N capture up to N characters of strings, rather than abbreviating with ...

    strace -ttvfo /tmp/logfile -s 1024 program
    ryanchapman · 2013-07-06 08:19:29 0
  • This version also attaches to new processes forked by the parent apache process. That way you can trace all current and *future* apache processes.

    ps auxw | grep sbin/apache | awk '{print"-p " $2}' | xargs strace -f
    msealand · 2013-02-19 19:14:57 0

  • 0
    # strace ... | perl -lne '@F=split(/\\/, $_);for(@F){push @ddd, sprintf("%x", oct("0" . $_))}END{shift @ddd; print pack("H*", join("", @ddd));}'
    zwxajh · 2012-10-16 14:24:13 0
  • Can be run as a script `ftrace` if my_command is substrituted with "$@" It is useful when running a command that fails and you have the feeling it is accessing a file you are not aware of. Show Sample Output

    strace -ff -e trace=file my_command 2>&1 | perl -ne 's/^[^"]+"(([^\\"]|\\[\\"nt])*)".*/$1/ && print'
    unixmonkey8046 · 2011-08-16 15:00:18 2

  • 0
    pidof httpd | sed 's/ / -p /g' | xargs strace -fp
    daniele · 2011-06-28 09:53:19 0
  • Locate config files of the program. May not be used for interactive programs like vim.

    strace -e open zim 2>&1 1>/dev/null | fgrep ~ | fgrep -v "= -1" | cut -d'"' -f2
    unixmonkey17435 · 2011-01-31 22:46:51 0
  • Useful to recover a output(stdout and stderr) "disown"ed or "nohup"ep process of other instance of ssh. With the others options the stdout / stderr is intercepted, but only the first n chars. This way we can recover ALL text of stdout or stderr Show Sample Output

    strace -e write=1,2 -p $PID 2>&1 | sed -un "/^ |/p" | sed -ue "s/^.\{9\}\(.\{50\}\).\+/\1/g" -e 's/ //g' | xxd -r -p
    glaudiston · 2010-10-06 19:37:39 1
  • similar to the previous command, but with more friendly output (tested on linux)

    strace -ff -e write=1,2 -s 1024 -p PID 2>&1 | grep "^ |" | cut -c11-60 | sed -e 's/ //g' | xxd -r -p
    systemj · 2010-04-23 16:22:17 0
  • Sometimes a program refuses to read a file and you're not sure why. You may have display_errors turned off for PHP or something. In this example, fopen('/var/www/test/foo.txt') was called but doesn't have read access to foo.txt. Strace can tell you what went wrong. E.g., if php doesn't have read access to the file, strace will say "EACCESS (Permission denied)". Or, if the file path you gave doesn't exist, strace will say "ENOENT (No such file or directory)", etc. This works for any program you can run from the command-line, e.g., strace python -e open,access... Note: the above command uses php-cli, not mod_php, which is a different SAPI with diff configs, etc. Show Sample Output

    strace php tias.php -e open,access 2>&1 | grep foo.txt
    rkulla · 2010-04-20 19:42:42 0

  • 57
    strace -ff -e trace=write -e write=1,2 -p SOME_PID
    oernii2 · 2010-04-20 08:55:54 2
  • Depending on the TERM, the terminfo version, ncurses version, etc.. you may be using a varied assortment of terminal escape codes. With this command you can easily find out exactly what is going on.. This is terminal escape zen! ( 2>&2 strace -f -F -e write -s 1000 sh -c 'echo -e "initc\nis2\ncnorm\nrmso\nsgr0" | tput -S' 2>&1 ) | grep -o '"\\[^"]*"' --color=always "\33]4;%p1%d;rgb:%p2%{255}%*%{1000}%/%2.2X/%p3%{255}%*%{1000}%/%2.2X/%p4%{255}%*%{1000}%/%2.2X\33\\\33[!p\33[?3;4l\33[4l\33>\33[?12l\33[?25h\33[27m\33(B\33[m" Lets say you want to find out what you need to echo in order to get the text to blink.. echo -e "`tput blink`This will blink`tput sgr0` This wont" Now you can use this function instead of calling tput (tput is much smarter for portable code because it works differently depending on the current TERM, and tput -T anyterm works too.) to turn that echo into a much faster executing code. tput queries files, opens files, etc.. but echo is very strait and narrow. So now you can do this: echo -e "\33[5mThis will blink\33(B\33[m This wont" More at Show Sample Output

    termtrace(){( strace -s 1000 -e write tput $@ 2>&2 2>&1 ) | grep -o '"[^"]*"';}
    AskApache · 2010-03-17 08:53:41 0
  • Especially for sysadmins when they don't want to waste time to add -p flag on the N processes of a processname. In the old school, you did ; pgrep processname and typing strace -f -p 456 -p 678 -p 974... You can add -f argument to the function. That way, the function will deal with pgrep to match the command-line. Example : processname -f jrockit

    straceprocessname(){ x=( $(pgrep "$@") ); [[ ${x[@]} ]] || return 1; strace -vf ${x[@]/#/-p }; }
    sputnick · 2009-12-03 00:04:39 0

  • 7
    sudo strace -pXXXX -e trace=file
    tolginho · 2009-12-01 15:27:48 2
  • It sits there in a loop waiting for a proccess from that user to spawn. When it does it will attach strace to it Show Sample Output

    x=1; while [ $x = 1 ]; do process=`pgrep -u username`; if [ $process ]; then x=0; fi; done; strace -vvtf -s 256 -p $process
    dimentox · 2009-09-22 16:46:27 1
  • Traces the system calls of a program. See for more information.

    strace <name of the program>
    eitland · 2009-08-31 20:42:50 6
  • strace can be invaluable in trying to figure out what the heck some misbehaving program is doing. There are number of useful flags to limit and control its output, and to attach to already running programs. (See also 'ltrace'.) Show Sample Output

    strace -f -s 512 -v ls -l
    mkc · 2009-02-06 02:45:33 0

What's this? is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands

Check These Out

Sharing file through http 80 port
From the other machine open a web navigator and go to ip from the machine who launch netcat, http://ip-address/ If you have some web server listening at 80 port then you would need stop them or select another port before launch net cat ;-) * You need netcat tool installed

The Hidden PS
While going through the source code for the well known ps command, I read about some interesting things.. Namely, that there are a bunch of different fields that ps can try and enumerate for you. These are fields I was not able to find in the man pages, documentation, only in the source. Here is a longer function that goes through each of the formats recognized by the ps on your machine, executes it, and then prompts you whether you would like to add it or not. Adding it simply adds it to an array that is then printed when you ctrl-c or at the end of the function run. This lets you save your favorite ones and then see the command to put in your .bash_profile like mine at : Note that I had to do the exec method below in order to pause with read. t () { local r l a P f=/tmp/ps c='command ps wwo pid:6,user:8,vsize:8,comm:20' IFS=' '; trap 'exec 66

Find if $b is in $a in bash
Find if $b is in $a in bash

Undo commit in Mercurial

Remove any RPMs matching a pattern
This should be an option to rpm, but isn't. I wind up using it a lot because I always forget the full name of the packages I want to delete.

Remove comments from files
Use sed to remove comments from a file. In this example the comments begin with #. The command '/^#/d' remove line starting with #. The command 's/#.*$//' remove comments at end of lines.

Grab just the title of a youtube video
There's another version on here that uses GET but some people don't have lwp-request, so here's an alternative. It's also a little shorter and should work with most youtube URLs since it truncates at the first &

Mount important virtual system directories under chroot'ed directory
The command is useful when, e.g., booting an existing system with a rescue or installation CD where you need to chroot into the hard-disk and be able to do stuff which accesses kernel info (e.g. when installing Ubuntu desktop with LVM2 you need to mount and chroot the hard disk from a shell window in order to install packages and run initramfs inside chroot). The command assumes that /mnt/xxx is where the chroot'ed environment's root file system on the hard disk is mounted.

Which processes are listening on a specific port (e.g. port 80)
swap out "80" for your port of interest. Can use port number or named ports e.g. "http"

Transfer SSH public key to another machine in one step
This command sequence allows simple setup of (gasp!) password-less SSH logins. Be careful, as if you already have an SSH keypair in your ~/.ssh directory on the local machine, there is a possibility ssh-keygen may overwrite them. ssh-copy-id copies the public key to the remote host and appends it to the remote account's ~/.ssh/authorized_keys file. When trying ssh, if you used no passphrase for your key, the remote shell appears soon after invoking ssh user@host.

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.


Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: