trace the system calls made by a process (and its children)

strace -f -s 512 -v ls -l
strace can be invaluable in trying to figure out what the heck some misbehaving program is doing. There are number of useful flags to limit and control its output, and to attach to already running programs. (See also 'ltrace'.)
Sample Output
23155 execve("/bin/ls", ["ls", "-l"], [/* 40 vars */]) = 0
23155 brk(0)                            = 0x1bad000
23155 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faa66e30000
23155 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
23155 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faa66e2e000
23155 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
23155 open("/etc/ld.so.cache", O_RDONLY) = 3
23155 fstat(3, {st_mode=S_IFREG|0644, st_size=119879, ...}) = 0
23155 mmap(NULL, 119879, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7faa66e10000
23155 close(3)                          = 0
23155 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
23155 open("/lib/librt.so.1", O_RDONLY) = 3

5
By: mkc
2009-02-06 02:45:33

These Might Interest You

  • Daemontools[1] won't always properly reap it's children. Sometimes when you need to kill the main svscan process, you want to also clean up all of it's children. The way to do that is to send a signal to the entire process group. It is a bit tricky [1] http://cr.yp.to/daemontools.html


    0
    kill -9 -$(ps x -o "%c %r" | awk '/svscan/{print $2}')
    SEJeff · 2012-05-25 16:39:02 0
  • Nginx (and other webservers like Apache) can be awkward to trace. They run as root, then switch to another user once they're ready to serve web pages. They also have a "master" process and multiple worker processes. The given command finds the process IDs of all Nginx processes, joins them together with a comma, then traces all of them at once with "sudo strace." System trace output can be overwhelming, so we only capture "networking" output. TIP: to kill this complex strace, do "sudo killall strace". Compare with a similar command: http://www.commandlinefu.com/commands/view/11918/easily-strace-all-your-apache-processes Show Sample Output


    1
    sudo strace -e trace=network -p `pidof nginx | sed -e 's/ /,/g'`
    shavenwarthog · 2016-01-28 18:48:16 0
  • This command allows to follow up a trace on SDP (CS5.2), at the same time as the trace records are stored in the file with "raw" format. Trace files in native format are useful to filter the records before to translation from '|' to '\n'. Example: grep -v OP_GET <raw-records>.trace | tr '|' '\n' Show Sample Output


    0
    tail -1f /var/opt/fds/logs/TraceEventLogFile.txt.0 | grep <msisdn> | tee <test-case-id>.trace | tr '|' '\n'
    neomefistox · 2014-08-21 19:29:07 0
  • This command loops over all of the processes in a system and creates an associative array in awk with the process name as the key and the sum of the RSS as the value. The associative array has the effect of summing a parent process and all of it's children. It then prints the top ten processes sorted by size. Show Sample Output


    5
    ps axo rss,comm,pid | awk '{ proc_list[$2]++; proc_list[$2 "," 1] += $1; } END { for (proc in proc_list) { printf("%d\t%s\n", proc_list[proc "," 1],proc); }}' | sort -n | tail -n 10
    d34dh0r53 · 2010-03-03 16:41:05 2

What do you think?

Any thoughts on this command? Does it work on your machine? Can you do the same thing with only 14 characters?

You must be signed in to comment.

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands



Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: