Redirect a filehandle from a currently running process.

yes 'Y'|gdb -ex 'p close(1)' -ex 'p creat("/tmp/output.txt",0600)' -ex 'q' -p pid
This command uses the debugger to attach to a running process, and reassign a filehandle to a file. The two commands executed in gdb are p close(1) which closes STDOUT and p creat("/tmp/filename",0600) which creates a file and opens it for output. Since file handles are assigned sequentially, this command opens the file in place of STDOUT and once the process continues, new output to STDOUT will instead be written to our capture file.
Sample Output
[zim@host ~]$ ./printlines.pl 
Output line 1
Output line 2
Output line 3
Output line 4

[zim@host ~]$ yes 'Y'|gdb -ex 'p close(1)' -ex 'p creat("/tmp/output.txt",0600)' -ex 'q' -p 22503
GNU gdb Fedora (6.8-23.fc9)
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
Attaching to process 22503
Reading symbols from /usr/bin/perl...(no debugging symbols found)...done.
Reading symbols from /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi/CORE/libperl.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi/CORE/libperl.so
Reading symbols from /lib64/libresolv.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libresolv.so.2
Reading symbols from /lib64/libnsl.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libnsl.so.1
Reading symbols from /lib64/libdl.so.2...
(no debugging symbols found)...done.
Loaded symbols for /lib64/libdl.so.2
Reading symbols from /lib64/libm.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libm.so.6
Reading symbols from /lib64/libcrypt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libcrypt.so.1
Reading symbols from /lib64/libutil.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libutil.so.1
Reading symbols from /lib64/libpthread.so.0...
(no debugging symbols found)...done.
[Thread debugging using libthread_db enabled]
[New Thread 0x7ff25bd046f0 (LWP 22503)]
Loaded symbols for /lib64/libpthread.so.0
Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libc.so.6
Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
(no debugging symbols found)
0x00000039f1ca6390 in __nanosleep_nocancel () from /lib64/libc.so.6
$1 = 0
$2 = 1
The program is running.  Quit anyway (and detach it)? (y or n) [answered Y; input not from terminal]
Detaching from program: /usr/bin/perl, process 22503

[zim@host ~]$ cat /tmp/output.txt 
Output line 5
Output line 6
Output line 7
Output line 8
Output line 9
Output line 10

8
By: adminzim
2009-02-20 17:36:57
yes

What Others Think

wow!
bartman · 643 weeks ago
I'm a bit confused by what this does. At first, I thought it caused a process to start writing to a different file (/tmp/output.txt). But then it says that the process's output to STDOUT will be put in the file. Which is it? Or both? If the process has multiple files open which one will it pick to redirect?
dataangel · 643 weeks ago
NM, I reread and understand :P
dataangel · 643 weeks ago
Caveat: please note that this is going to working only if you exec is not busy opening/close file descriptors at high speed. Depending on the frequency of the open/close operations, /tmp/output.txt could contains anything, or even block some thread while they attempt to read from it. This concurrency issue aside, this is a nifty one.
pruneau · 643 weeks ago

What do you think?

Any thoughts on this command? Does it work on your machine? Can you do the same thing with only 14 characters?

You must be signed in to comment.

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands



Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: