Strace
strace is a diagnostic, debugging, and instructional userspace utility for Linux. It is used to monitor interactions between processes and the Linux kernel, which include system calls, signal deliveries, and changes of process state. The operation of strace(1)
is made possible by the kernel feature known as ptrace
.
strace(1)
is an indispensable tool for any Linux Systems Administrator. I use it on a daily basis at work.
The most common usage is to start a program using strace(1)
, which prints a list of system calls made by the program. This is useful if the program continually crashes, or does not behave as expected; for example using strace(1)
may reveal that the program is attempting to access a file which does not exist or cannot be read.
An alternative application is to use the "-p
" flag to attach to a running process. This is useful if a process has stopped responding, and might reveal, for example, that the process is blocking whilst attempting to make a network connection.
As strace(1)
only details system calls, it cannot be used to detect as many problems as a code debugger such as GNU Debugger (gdb). It is, however, easier to use than a code debugger, and is an extremely useful tool for system administrators.
Example usage
- Simple call:
$ strace ls
- View the 'open' systems calls made by
`ls`
:
$ strace -e open ls
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 open("/lib/x86_64-linux-gnu/libselinux.so.1", O_RDONLY|O_CLOEXEC) = 3 open("/lib/x86_64-linux-gnu/libacl.so.1", O_RDONLY|O_CLOEXEC) = 3 open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 open("/lib/x86_64-linux-gnu/libpcre.so.3", O_RDONLY|O_CLOEXEC) = 3 open("/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3 open("/lib/x86_64-linux-gnu/libattr.so.1", O_RDONLY|O_CLOEXEC) = 3 open("/proc/filesystems", O_RDONLY) = 3 open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3 foo bar baz +++ exited with 0 +++
- Save the 'open' and 'read' system calls made by a process (with PID=14889) to a file:
$ strace -e trace=open,read -p 14889 -o /tmp/strace.14889
- View the 'open' system calls made by a program called "
vpnc
" (strace(1)
= window into program functionality):
$ strace -e open vpnc #~OR~ $ strace -e open -p `pidof vpnc`
- Hook into STDOUT and STDERR of a running process:
$ strace -p <PID> -e trace=write -e write=1,2
See also
- Lsof
-
ltrace(1), time(1), ptrace(2), proc(5)