trace(1)
Name
trace - trace system calls of programs
Syntax
trace [options] cmd args...
Description
With no flag arguments, the command traces all system calls made by
the given cmd and args, prints a time stamp, the PID, call and/or
return values and arguments, and puts its output in the file trace.dump.
Options
-f filename
Puts dump in file filename.
-z Echoes arguments only.
Only one of the following option arguments can be specified at one
time.
-c# Traces given PIDs and their children. Up to sixteen PIDs can
be specified.
-g# Traces given groups only. Up to sixteen Group IDs can be
specified.
-p# Traces given PIDs only. Up to sixteen PIDs can be specified.
-s# Traces given system calls only. Up to sixteen PIDs can be
specified.
-u# Traces given UIDs only. Up to sixteen PIDs can be specified.
Examples
trace -f ls.dump ls -l /dev >ls.out
runs the cmd ls -l /dev and puts the trace in ls.dump and output in
ls.out.
trace -f csh.trace -p $$ &
will trace your login shell in the background. To stop the trace just
send it a termination signal (that is, kill -TERM trace_pid).
Restrictions
For security reasons, no one, not even the superuser, can trace anyone
else's programs. This negates some of the usefulness of the -g and -u
flags.
The program cannot be traced.
Only 16 numbers can be given to the -c, -p, -g, -u, and -s flags.
The kernel configuration file must contain the following:
options SYS_TRACE
pseudo-device sys_trace
In addition, the superuser must use the following command sequence to
create the device:
cd /dev
MAKEDEV trace
If both lines are not in the configuration file or if the device is not
made, the message "Cannot open /dev/trace" appears.
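The two prerequisites above can be checked before running trace. The following shell function is an added example, not part of the original manual page. The configuration file path is supplied by the caller, and the check assumes each option sits on its own line as shown above and that '#' begins a comment in that file.

```shell
#!/bin/sh
# Added example: preflight check for the prerequisites listed under
# Restrictions. Function names are hypothetical, not part of trace(1).

# has_config_line FILE KEYWORD VALUE
# Succeeds if FILE has an uncommented line "KEYWORD VALUE"
# (fields separated by any amount of whitespace).
has_config_line() {
    awk -v k="$2" -v v="$3" '
        { sub(/#.*/, "") }              # assumption: "#" starts a comment
        $1 == k && $2 == v { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# trace_preflight CONFIG_FILE [DEVICE]
# Prints one line per missing prerequisite.
# Returns 0 if all are met, 1 if any is missing, 2 if CONFIG_FILE is unreadable.
trace_preflight() {
    conf=$1
    dev=${2:-/dev/trace}
    rc=0
    if [ ! -r "$conf" ]; then
        echo "cannot read configuration file: $conf"
        return 2
    fi
    # Both lines must be present in the kernel configuration file.
    has_config_line "$conf" options SYS_TRACE ||
        { echo "missing line: options SYS_TRACE"; rc=1; }
    has_config_line "$conf" pseudo-device sys_trace ||
        { echo "missing line: pseudo-device sys_trace"; rc=1; }
    # The device must exist as a character special file.
    [ -c "$dev" ] ||
        { echo "missing character device: $dev (cd /dev; MAKEDEV trace)"; rc=1; }
    return $rc
}
```

Call it as trace_preflight followed by the path of the kernel configuration file; any line it prints names a condition that leads to the "Cannot open /dev/trace" message.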
Files
/dev/trace read-only character special device for reading syscall
data.
trace.dump default file for the system call trace data.
See Also
open(2), close(2), ioctl(2), select(2), read(2), trace(5)