libnetdude 0.11 (Default branch)


 
Old 09-01-2008

libnetdude is the packet manipulation backend of the Netdude trace file editing framework. It allows you to perform trace file manipulations at a much higher level of abstraction than code written directly for the pcap interface. It also supports plugins (dynamically loaded libraries) that can essentially do whatever the programmer desires. When developers write their packet manipulation code as libnetdude plugins, this instantly allows other developers to use their tools. It provides data types and APIs for the most common situations when dealing with libpcap trace files: trace files of arbitrary size, packets, network protocols, packet iterators, and packet filters, just to name a few.

License: BSD License (revised)

Changes:
This release adds support for VLAN-tagged packets. It fixes a small number of bugs in the handling of unused space in packets.

trace(1)						      General Commands Manual							  trace(1)

Name
       trace - trace system calls of programs

Syntax
       trace [options] cmd args...

Description
       The  command  with  no flag arguments traces for the given cmd and args all system calls made and prints a time stamp, the PID, call and/or
       return values and arguments and puts its output in the file trace.dump.

Options
       -f filename
	       Puts dump in file filename.

       -z      Echoes arguments only.

       Only one of the following option arguments can be specified at one time.

       -c#     Traces given PIDs and their children.  Up to sixteen PIDs can be specified.

       -g#     Traces given groups only.  Up to sixteen Group IDs can be specified.

       -p#     Traces given PIDs only.	Up to sixteen PIDs can be specified.

       -s#     Traces given system calls only.	Up to sixteen PIDs can be specified.

       -u#     Traces given UIDs only.	Up to sixteen PIDs can be specified.

Examples
       trace -f ls.dump ls -l /dev >ls.out
       runs the cmd ls -l /dev and puts the trace in ls.dump and output in ls.out.
       trace -f csh.trace -p $$ &
       will trace your login shell in the background. To stop the trace just send it a termination signal (that is, kill -TERM trace_pid).

Restrictions
       Due to security, no one, not even the super-user, can trace anyone else's programs. This sort of negates some of the usefulness of the -g
       and -u flags.

       The program cannot be traced.

       Only 16 numbers can be given to the -c, -p, -g, -u, and -s flags.

       The kernel configuration file must contain the following:
       options	       SYS_TRACE
       pseudo-device   sys_trace

       In addition, the superuser must use the following command sequence to create the device:
       cd /dev
       MAKEDEV trace
       If both lines are not in the configuration file or if the device is not made, the message "Cannot open /dev/trace" appears.

Files
       /dev/trace     read only character special device for reading syscall data.

       trace.dump     default file for the system call trace data.

See Also
       open(2), close(2), ioctl(2), select(2), read(2), trace(5)

																	  trace(1)