Commands using strace (25)

  • intercept stdout/stderr of another process


    59
    strace -ff -e trace=write -e write=1,2 -p SOME_PID
    oernii2 · 2010-04-20 08:55:54 2
  • List files accessed by a command

    Can be run as a script `ftrace` if my_command is substrituted with "$@" It is useful when running a command that fails and you have the feeling it is accessing a file you are not aware of. Show Sample Output


    17
    strace -ff -e trace=file my_command 2>&1 | perl -ne 's/^[^"]+"(([^\\"]|\\[\\"nt])*)".*/$1/ && print'
    unixmonkey8046 · 2011-08-16 15:00:18 2
  • intercept stdout/stderr of another process

    similar to the previous command, but with more friendly output (tested on linux)


    10
    strace -ff -e write=1,2 -s 1024 -p PID 2>&1 | grep "^ |" | cut -c11-60 | sed -e 's/ //g' | xxd -r -p
    systemj · 2010-04-23 16:22:17 0
  • Determine what an process is actually doing


    7
    sudo strace -pXXXX -e trace=file
    tolginho · 2009-12-01 15:27:48 2
  • See why a program can't seem to access a file

    Sometimes a program refuses to read a file and you're not sure why. You may have display_errors turned off for PHP or something. In this example, fopen('/var/www/test/foo.txt') was called but doesn't have read access to foo.txt. Strace can tell you what went wrong. E.g., if php doesn't have read access to the file, strace will say "EACCESS (Permission denied)". Or, if the file path you gave doesn't exist, strace will say "ENOENT (No such file or directory)", etc. This works for any program you can run from the command-line, e.g., strace python myapp.py -e open,access... Note: the above command uses php-cli, not mod_php, which is a different SAPI with diff configs, etc. Show Sample Output


    7
    strace php tias.php -e open,access 2>&1 | grep foo.txt
    rkulla · 2010-04-20 19:42:42 0
  • List all accessed configuration files while executing a program in linux terminal (improved version)

    Last listed files presumably have higher precedency then files listed first, i.e. configuration files in the personal .config directory will be listed last and their config parameters will be more authoritative then default config parameters defined in /etc directory which are usually listed above them. If you replace ".conf" with ".ini" in the command, initial files will be listed instead of config files. If you do not like to list multiple access to the same config file, pipe to "uniq" or "uniq -c" to prefix lines by the number of occurrences Show Sample Output


    7
    strace 2>&1 <any_executable> |egrep -o "\".*\.conf\""
    knoppix5 · 2020-07-31 10:57:29 1
  • trace the system calls made by a process (and its children)

    strace can be invaluable in trying to figure out what the heck some misbehaving program is doing. There are number of useful flags to limit and control its output, and to attach to already running programs. (See also 'ltrace'.) Show Sample Output


    5
    strace -f -s 512 -v ls -l
    mkc · 2009-02-06 02:45:33 0
  • Catch a proccess from a user and strace it.

    It sits there in a loop waiting for a proccess from that user to spawn. When it does it will attach strace to it Show Sample Output


    4
    x=1; while [ $x = 1 ]; do process=`pgrep -u username`; if [ $process ]; then x=0; fi; done; strace -vvtf -s 256 -p $process
    dimentox · 2009-09-22 16:46:27 1
  • Find files that were modified by a given command

    Traces the system calls of a program. See http://linuxhelp.blogspot.com/2006/05/strace-very-powerful-troubleshooting.html for more information.


    3
    strace <name of the program>
    eitland · 2009-08-31 20:42:50 6
  • Strace all signals processes based on a name ( The processes already started... ) with bash built-in

    Especially for sysadmins when they don't want to waste time to add -p flag on the N processes of a processname. In the old school, you did ; pgrep processname and typing strace -f -p 456 -p 678 -p 974... You can add -f argument to the function. That way, the function will deal with pgrep to match the command-line. Example : processname -f jrockit


    3
    straceprocessname(){ x=( $(pgrep "$@") ); [[ ${x[@]} ]] || return 1; strace -vf ${x[@]/#/-p }; }
    sputnick · 2009-12-03 00:04:39 1
  • Terminal Escape Code Zen - Strace and Tput

    Depending on the TERM, the terminfo version, ncurses version, etc.. you may be using a varied assortment of terminal escape codes. With this command you can easily find out exactly what is going on.. This is terminal escape zen! ( 2>&2 strace -f -F -e write -s 1000 sh -c 'echo -e "initc\nis2\ncnorm\nrmso\nsgr0" | tput -S' 2>&1 ) | grep -o '"\\[^"]*"' --color=always "\33]4;%p1%d;rgb:%p2%{255}%*%{1000}%/%2.2X/%p3%{255}%*%{1000}%/%2.2X/%p4%{255}%*%{1000}%/%2.2X\33\\\33[!p\33[?3;4l\33[4l\33>\33[?12l\33[?25h\33[27m\33(B\33[m" Lets say you want to find out what you need to echo in order to get the text to blink.. echo -e "`tput blink`This will blink`tput sgr0` This wont" Now you can use this function instead of calling tput (tput is much smarter for portable code because it works differently depending on the current TERM, and tput -T anyterm works too.) to turn that echo into a much faster executing code. tput queries files, opens files, etc.. but echo is very strait and narrow. So now you can do this: echo -e "\33[5mThis will blink\33(B\33[m This wont" More at http://www.askapache.com/linux-unix/bash_profile-functions-advanced-shell.html Show Sample Output


    3
    termtrace(){( strace -s 1000 -e write tput $@ 2>&2 2>&1 ) | grep -o '"[^"]*"';}
    AskApache · 2010-03-17 08:53:41 0
  • intercept stdout/stderr of another process or disowned process

    Useful to recover a output(stdout and stderr) "disown"ed or "nohup"ep process of other instance of ssh. With the others options the stdout / stderr is intercepted, but only the first n chars. This way we can recover ALL text of stdout or stderr Show Sample Output


    3
    strace -e write=1,2 -p $PID 2>&1 | sed -un "/^ |/p" | sed -ue "s/^.\{9\}\(.\{50\}\).\+/\1/g" -e 's/ //g' | xxd -r -p
    glaudiston · 2010-10-06 19:37:39 1
  • easily strace all your apache processes

    Will open strace on all apache process, on systems using sbin/apache (debian) or sbin/httpd (redhat), and will follow threads newly created.


    3
    ps auxw | grep -E 'sbin/(apache|httpd)' | awk '{print"-p " $2}' | xargs strace -F
    gormux · 2016-08-04 10:59:58 0
  • Locate config files of the program

    Locate config files of the program. May not be used for interactive programs like vim.


    1
    strace -e open zim 2>&1 1>/dev/null | fgrep ~ | fgrep -v "= -1" | cut -d'"' -f2
    unixmonkey17435 · 2011-01-31 22:46:51 0
  • easily strace all your apache processes

    This version also attaches to new processes forked by the parent apache process. That way you can trace all current and *future* apache processes.


    1
    ps auxw | grep sbin/apache | awk '{print"-p " $2}' | xargs strace -f
    msealand · 2013-02-19 19:14:57 0
  • Advanced python tracing

    Trace python statement execution and syscalls invoked during that simultaneously Show Sample Output


    1
    strace python -m trace --trace myprog.py | grep -v 'write(1,'
    roolebo · 2016-05-27 21:01:01 0
  • See what apache is doing without restarting it in debug mode


    0
    pidof httpd | sed 's/ / -p /g' | xargs strace -fp
    daniele · 2011-06-28 09:53:19 0
  • change binary string readable


    0
    # strace ... | perl -lne '@F=split(/\\/, $_);for(@F){push @ddd, sprintf("%x", oct("0" . $_))}END{shift @ddd; print pack("H*", join("", @ddd));}'
    zwxajh · 2012-10-16 14:24:13 0
  • strace a program

    How to figure out what a program is doing. -tt detailed timestamps -f also strace any child processes -v be very verbose, even with common structures -o write output to file -s N capture up to N characters of strings, rather than abbreviating with ...


    0
    strace -ttvfo /tmp/logfile -s 1024 program
    ryanchapman · 2013-07-06 08:19:29 0
  • easily strace all your apache *child* processes

    On debian parent process is running as root, workers as www-data. You can run strace in backgroud, get its PID, curl your webpage, kill strace and read your stats.


    0
    strace -c $(ps -u www-data o pid= | sed 's/^/-p/')
    brablc · 2015-11-25 08:10:52 0
  • easily trace all Nginx processes

    Nginx (and other webservers like Apache) can be awkward to trace. They run as root, then switch to another user once they're ready to serve web pages. They also have a "master" process and multiple worker processes. The given command finds the process IDs of all Nginx processes, joins them together with a comma, then traces all of them at once with "sudo strace." System trace output can be overwhelming, so we only capture "networking" output. TIP: to kill this complex strace, do "sudo killall strace". Compare with a similar command: http://www.commandlinefu.com/commands/view/11918/easily-strace-all-your-apache-processes Show Sample Output


    0
    sudo strace -e trace=network -p `pidof nginx | sed -e 's/ /,/g'`
    shavenwarthog · 2016-01-28 18:48:16 0
  • strace to find out what files a process executes


    0
    strace -f -e trace=process [command]
    Raboo · 2016-07-12 12:27:56 0
  • easily strace all your apache processes


    0
    strace -p "`pidof httpd`"
    weirdan · 2016-07-28 01:34:55 0
  • Linux system calls of MySQL process


    0
    strace -c -p $(pidof -s mysqld) -f -e trace=all
    shantanuo · 2020-02-27 03:35:17 3
  • Find which config-file is read


    0
    strace 2>&1 geany |grep geany.conf
    knoppix5 · 2020-04-20 19:42:39 1

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands

Check These Out

Make a thumbnail image of first page of a PDF.
convert is included in ImageMagick. Don't forget the [X] (where X is the page number). [0] is the first page of the PDF.

Update Ogg Vorbis file comments
The "vorbiscomment" utility lets you update information such as artist names and song and album tags in an Ogg Vorbis file. You can use this command to fix any mistakes that were made when ripping an album.

Show current working directory of a process

Set laptop display brightness
Run as root. Path may vary depending on laptop model and video card (this was tested on an Acer laptop with ATI HD3200 video). $ cat /proc/acpi/video/VGA/LCD/brightness to discover the possible values for your display.

mean color of an image
You can get the mean value for the colours in an image. Then you can determine, in general, how dark or bright is the image and run some other actions based on that. I'll recommend to readjust the brightness of the images using +sigmoidal-contrast option of imagemagick convert command.

Get AWS temporary credentials ready to export based on a MFA virtual appliance
You might want to secure your AWS operations requiring to use a MFA token. But then to use API or tools, you need to pass credentials generated with a MFA token. This commands asks you for the MFA code and retrieves these credentials using AWS Cli. To print the exports, you can use: `awk '{ print "export AWS_ACCESS_KEY_ID=\"" $1 "\"\n" "export AWS_SECRET_ACCESS_KEY=\"" $2 "\"\n" "export AWS_SESSION_TOKEN=\"" $3 "\"" }'` You must adapt the command line to include: * $MFA_IDis ARN of the virtual MFA or serial number of the physical one * TTL for the credentials

Calculate days on which Friday the 13th occurs
Simply change the years listed in the first seq, and it will print out all the months in that span of years that have Friday the 13ths in them.

List upcoming events on google calendar
Requires googlecl (http://code.google.com/p/googlecl/) Even better when you wrap this in a script and allow the --date=STRING to be $1. Then you can type: whatson "next Thursday" The date string for UNIX date is very flexible. You can also add --cal "[regex]" to the end for multiple calendars.

Retrieve the size of a file on a server
- Where $URL is the URL of the file. - Replace the $2 by $3 at the end to get a human-readable size. Credits to svanberg @ ArchLinux forums for original idea. Edit: Replaced command with better version by FRUiT. (removed unnecessary grep)

Downsample mp3s to 128K
This will lower the quality of mp3 files, but is necessary to play them on some mobile devices.

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: