trace(5) [ultrix man page]
trace(5) File Formats Manual trace(5) Name trace - system call tracer device Description The file is the system call trace device. It supports the following system calls: and The device supports 16 (configurable in as TR_USRS) simultaneous users. It uses an 8192-byte buffer for trace records. The choice of which system calls to trace is done with the system call. The call is used for efficient reading of the device. The call uses an 8192-byte buffer and returns when the buffer is 60% full. It is required that the user use a buffer the same size as the system buffer size defined in as TR_BUFSIZE. All operations are defined in the header file, The calls are: -------------------------------- ioctl arg (pointer to) -------------------------------- IOTR_GETOFF int a IOTR_GETON int a IOTR_GETALL int a IOTR_GETPIDS int a[10] IOTR_GETUIDS int a[10] IOTR_GETSYSC int a[10] IOTR_GETPGRP int a[10] IOTR_SETOFF int a IOTR_SETON int a IOTR_SETALL int a IOTR_SETPIDS int a[10] IOTR_SETUIDS int a[10] IOTR_SETSYSC int a[10] IOTR_SETPGRP int a[10] -------------------------------- Examples A prototype example (with missing parts): char cmd[BUFSIZ],buf[TR_BUFSIZ]; int pgrp[10],i; fd = open("/dev/trace",0); /* open the device */ pgrp[0] = dofork(cmd); /* fork the command to trace */ for (i=1;i<TR_PGRP;i++) /* dofork sleeps 2 seconds while */ pgrp[i] = 0; /* we set up to do the trace */ i = ioctl(fd,IOTR_SETPGRP,pgrp);/* set up for the trace */ /* select code goes here */ read(fd,buf,sizeof(buf)); See Also trace(1), close(2), ioctl(2), open(2), read(2), select(2) trace(5)
Check Out this Related Man Page
trace(1) General Commands Manual trace(1) Name trace - trace system calls of programs Syntax trace [options] cmd args... Description The command with no flag arguments traces for the given cmd and args all system calls made and prints a time stamp, the PID, call and/or return values and arguments and puts its output in the file trace.dump. Options -f filename Puts dump in file filename. -z Echos arguments only. Only one of the following option arguments can be specified at one time. -c# Traces given PIDs and their children. Up to sixteen PIDs can be specified. -g# Traces given groups only. Up to sixteen Group IDs can be specified. -p# Traces given PIDs only. Up to sixteen PIDs can be specified. -s# Traces given system calls only. Up to sixteen PIDs can be specified. -u# Traces given UIDs only. Up to sixteen PIDs can be specified. Examples trace -f ls.dump ls -l /dev >ls.out runs the cmd ls -l /dev and puts the trace in ls.dump and output in ls.out. trace -f csh.trace -p $$ & will trace your login shell in the background. To stop the trace just send it a termination signal (that is, kill -TERM trace_pid). Restrictions Due to security, no one, not even the super-user can trace anyone else's programs. This sort of negates some of the usefulness of the -g and -u flags. The program cannot be traced. Only 16 numbers can be given to the -c, -p, -g, -u, and -s flags. The kernel configuration file must contain the following: options SYS_TRACE pseudo-device sys_trace In addition, the superuser must use the following command sequence to create the device: cd /dev MAKEDEV trace If both lines are not in the configuration file or if the device is not made, the message "Cannot open /dev/trace" appears. Files /dev/trace read only character special device for reading syscall data. trace.dump default file for the system call trace data. See Also open(2), close(2), ioctl(2), select(2), read(2), trace(5) trace(1)