ktrace(1)
NAME
ktrace - enable kernel process tracing
SYNOPSIS
ktrace [-aCcdi] [-f trfile] [-g pgrp | -p pid] [-t trstr]
ktrace [-adi] [-f trfile] [-t trstr] command
DESCRIPTION
- The ktrace utility enables kernel trace logging for the
- specified processes. Kernel trace data is logged to the file ktrace.out.
- The kernel
operations that are traced include system calls, namei - translations, signal processing, and I/O.
- Once tracing is enabled on a process, trace data will be
- logged until
either the process exits or the trace point is cleared. A - traced process
can generate enormous amounts of log data quickly; It is - strongly suggested that users memorize how to disable tracing before at
- tempting to
trace a process. The following command is sufficient to - disable tracing
on all user owned processes, and, if executed by root, all - processes:
$ ktrace -C- The trace file is not human readable; use kdump(1) to decode
- it.
- The options are as follows:
- -a Append to the trace file instead of recreating it.
- -C Disable tracing on all user owned processes, and, if
- executed by
- root, all processes in the system.
- -c Clear the trace points associated with the specified
- file or pro
- cesses.
- -d Descendants; perform the operation for all current
- children of
- the designated processes.
- -f trfile
- Log trace records to trfile instead of ktrace.out.
- -g pgid
- Enable (disable) tracing on all processes in the
- process group
(only one -g flag is permitted). - -i Inherit; pass the trace flags to all future children
- of the des
- ignated processes.
- -p pid Enable (disable) tracing on the indicated process id
- (only one -p
- flag is permitted).
- -t trstr
- The string argument represents the kernel trace
- points, one per
letter. The following table equates the letters - with the tracepoints:
- c trace system calls
n trace namei translations
i trace I/O
s trace signal processing
u userland traces
w context switches
+ trace the default set of trace points - c, n, - i, s, u
- command
- Execute command with the specified trace flags.
- The -p, -g, and command options are mutually exclusive.
EXAMPLES
- # trace all kernel operations of process id 34
- $ ktrace -p 34
- # trace all kernel operations of processes in process group
- 15 and # pass
the trace flags to all current and future children - $ ktrace -idg 15
- # disable all tracing of process 65
- $ ktrace -cp 65
- # disable tracing signals on process 70 and all current
- children
- $ ktrace -t s -cdp 70
- # enable tracing of I/O on process 67
- $ ktrace -ti -p 67
- # run the command "w", tracing only system calls
- $ ktrace -tc w
- # disable all tracing to the file "tracedata"
- $ ktrace -c -f tracedata
- # disable tracing of all processes owned by the user
- $ ktrace -C
SEE ALSO
HISTORY
The ktrace command appeared in 4.4BSD.
BUGS
- Only works if trfile is a regular file.
- BSD June 6, 1993