| 1 | KTRACE(1) BSD Reference Manual KTRACE(1) |
| 2 | |
| 3 | N\bNA\bAM\bME\bE |
| 4 | k\bkt\btr\bra\bac\bce\be - enable kernel process tracing |
| 5 | |
| 6 | S\bSY\bYN\bNO\bOP\bPS\bSI\bIS\bS |
| 7 | k\bkt\btr\bra\bac\bce\be [-\b-a\baC\bCc\bcd\bdi\bi] [-\b-f\bf _\bt_\br_\bf_\bi_\bl_\be] [-\b-g\bg _\bp_\bg_\br_\bp] [-\b-p\bp _\bp_\bi_\bd] [-\b-t\bt _\bt_\br_\bs_\bt_\br] |
| 8 | k\bkt\btr\bra\bac\bce\be [-\b-a\bad\bdi\bi] [-\b-f\bf _\bt_\br_\bf_\bi_\bl_\be] [-\b-t\bt _\bt_\br_\bs_\bt_\br] command |
| 9 | |
| 10 | D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN |
| 11 | K\bKt\btr\bra\bac\bce\be enables kernel trace logging for the specified processes. Kernel |
| 12 | trace data is logged to the file _\bk_\bt_\br_\ba_\bc_\be_\b._\bo_\bu_\bt. The kernel operations that |
| 13 | are traced include system calls, namei translations, signal processing, |
| 14 | and I/O. |
| 15 | |
| 16 | Once tracing is enabled on a process, trace data will be logged until ei- |
| 17 | ther the process exits or the trace point is cleared. A traced process |
| 18 | can generate enormous amounts of log data quickly; It is strongly sug- |
| 19 | gested that users memorize how to disable tracing before attempting to |
| 20 | trace a process. The following command is sufficient to disable tracing |
| 21 | on all user owned processes, and, if executed by root, all processes: |
| 22 | |
| 23 | $ trace -C |
| 24 | |
| 25 | The trace file is not human readable; use kdump(1) to decode it. |
| 26 | |
| 27 | The options are as follows: |
| 28 | |
| 29 | -\b-a\ba Append to the trace file instead of truncating it. |
| 30 | |
| 31 | -\b-C\bC Disable tracing on all user owned processes, and, if executed by |
| 32 | root, all processes in the system. |
| 33 | |
| 34 | -\b-c\bc Clear the trace points associated with the specified file or pro- |
| 35 | cesses. |
| 36 | |
| 37 | -\b-d\bd Descendants; perform the operation for all current children of |
| 38 | the designated processes. |
| 39 | |
| 40 | -\b-f\bf _\bf_\bi_\bl_\be |
| 41 | Log trace records to _\bf_\bi_\bl_\be instead of _\bk_\bt_\br_\ba_\bc_\be_\b._\bo_\bu_\bt. |
| 42 | |
| 43 | -\b-g\bg _\bp_\bg_\bi_\bd |
| 44 | Enable (disable) tracing on all processes in the process group |
| 45 | (only one -\b-g\bg flag is permitted). |
| 46 | |
| 47 | -\b-i\bi Inherit; pass the trace flags to all future children of the des- |
| 48 | ignated processes. |
| 49 | |
| 50 | -\b-p\bp _\bp_\bi_\bd Enable (disable) tracing on the indicated process id (only one -\b-p\bp |
| 51 | flag is permitted). |
| 52 | |
| 53 | -\b-t\bt _\bt_\br_\bs_\bt_\br |
| 54 | The string argument represents the kernel trace points, one per |
| 55 | letter. The following table equates the letters with the trace- |
| 56 | points: |
| 57 | |
| 58 | c\bc trace system calls |
| 59 | n\bn trace namei translations |
| 60 | i\bi trace I/O |
| 61 | s\bs trace signal processing |
| 62 | |
| 63 | _\bc_\bo_\bm_\bm_\ba_\bn_\bd |
| 64 | Execute _\bc_\bo_\bm_\bm_\ba_\bn_\bd with the specified trace flags. |
| 65 | |
| 66 | |
| 67 | The -\b-p\bp, -\b-g\bg, and _\bc_\bo_\bm_\bm_\ba_\bn_\bd options are mutually exclusive. |
| 68 | |
| 69 | E\bEX\bXA\bAM\bMP\bPL\bLE\bES\bS |
| 70 | # trace all kernel operations of process id 34 |
| 71 | $ ktrace -p 34 |
| 72 | |
| 73 | # trace all kernel operations of processes in process group 15 and # pass |
| 74 | the trace flags to all current and future children |
| 75 | $ ktrace -idg 15 |
| 76 | |
| 77 | # disable all tracing of process 65 |
| 78 | $ ktrace -cp 65 |
| 79 | |
| 80 | # disable tracing signals on process 70 and all current children |
| 81 | $ ktrace -t s -cdp 70 |
| 82 | |
| 83 | # enable tracing of I/O on process 67 |
| 84 | $ ktrace -ti -p 67 |
| 85 | |
| 86 | # run the command "w", tracing only system calls |
| 87 | $ ktrace -tc w |
| 88 | |
| 89 | # disable all tracing to the file "tracedata" |
| 90 | $ ktrace -c -f tracedata |
| 91 | |
| 92 | # disable tracing of all processes owned by the user |
| 93 | $ ktrace -C |
| 94 | |
| 95 | S\bSE\bEE\bE A\bAL\bLS\bSO\bO |
| 96 | kdump(1) |
| 97 | |
| 98 | H\bHI\bIS\bST\bTO\bOR\bRY\bY |
| 99 | The k\bkt\btr\bra\bac\bce\be command appears in 4.4BSD. |
| 100 | |
| 101 | 4.4BSD June 6, 1993 2 |