KTRACE(1) - General Commands Manual #
KTRACE(1) - General Commands Manual
NAME #
ktrace - enable kernel process tracing
SYNOPSIS #
ktrace
[-aCcdi]
[-f trfile]
[-g pgid]
[-p pid]
[-t trstr]
ktrace
[-aBdiT]
[-f trfile]
[-t trstr]
command
DESCRIPTION #
ktrace enables kernel trace logging for the specified processes. By default, kernel trace data is logged to the file ktrace.out, unless overridden by the -f option. The kernel operations traced are system calls, namei translations, signal processing and I/O.
Once tracing is enabled on a process, trace data will be logged until either the process exits or the trace point is cleared. A traced process can generate enormous amounts of log data quickly; it is strongly suggested that users memorize how to disable tracing before attempting to trace a process. The following command is sufficient to disable tracing on all user owned processes and, if executed by root, all processes:
$ ktrace -C
The trace file is not human-readable; use kdump(1) to decode it.
The options are as follows:
-a
Append to the trace file instead of recreating it.
-B
Set the
LD_BIND_NOW
environment variable to specify that the dynamic linker should process relocations immediately instead of as they are encountered. This eliminates the resulting ld.so(1) relocation sequences.
-C
Disable tracing on all user owned processes and, if executed by root, all processes in the system.
-c
Clear the trace points associated with the trace file or any specified processes.
-d
Descendants; perform the operation for all current children of the designated processes.
-f trfile
Log trace records to trfile instead of ktrace.out.
-g pgid
Enable (disable) tracing on all processes in the process group (only one -g flag is permitted).
-i
Inherit; pass the trace flags to all future children of the designated processes.
-p pid
Enable (disable) tracing on the indicated process ID (only one -p flag is permitted).
-T
Disable userland timekeeping, making time related system calls more prevalent.
-t trstr
Select which information to put into the dump file. The argument can contain one or more of the following letters. By default all trace points except for X are enabled.
c
trace system calls
i
trace I/O
n
trace namei translations
p
trace violation of pledge(2) restrictions
s
trace signal processing
S
trace violation of pinsyscalls(2)
t
trace various structures
u
trace user data coming from utrace(2)
x
trace argument vector in execve(2)
X
trace environment in execve(2)
+
trace the default points
command
Execute command with the specified trace flags.
The -p, -g, and command options are mutually exclusive.
FILES #
ktrace.out
default ktrace dump file
EXAMPLES #
Trace all kernel operations of process ID 34:
$ ktrace -p 34
Trace all kernel operations of processes in process group 15 and pass the trace flags to all current and future children:
$ ktrace -idg 15
Disable all tracing of process 65:
$ ktrace -cp 65
Disable tracing signals on process 70 and all current children:
$ ktrace -t s -cdp 70
Enable tracing of I/O on process 67:
$ ktrace -ti -p 67
Run the command w(1), tracing only system calls:
$ ktrace -tc w
Disable all tracing to the file “tracedata”:
$ ktrace -c -f tracedata
Disable tracing of all processes owned by the user:
$ ktrace -C
SEE ALSO #
kdump(1), ktrace(2), utrace(2)
HISTORY #
The ktrace command appeared in 4.3BSD-Reno.
OpenBSD 7.5 - December 15, 2023