strace is a debugging tool that allows you to monitor system calls and signals made by a process. It can be used to track down the source of errors and diagnose system problems by displaying the system calls a program makes as it runs, along with any error messages that are generated.
strace works by intercepting and reporting the system calls made by a program to the kernel, as well as any signals sent or received. It can be used to monitor a single process or a group of processes, and can be run on both command-line and graphical applications.
The output of strace can be quite verbose, and it is often helpful to use filters to limit the amount of data that is displayed. Some common filters include -e to specify which system calls to monitor, -p to monitor a specific process, and -o to redirect the output to a file.
strace Command Examples
1. Start tracing a specific process by its PID:
# strace -p pid
2. Trace a process and filter output by system call:
# strace -p pid -e system_call_name
3. Count time, calls, and errors for each system call and report a summary on program exit:
# strace -p pid -c
4. Show the time spent in every system call:
# strace -p pid -T
5. Start tracing a program by executing it:
# strace program
6. Start tracing file operations of a program:
# strace -e trace=file program
Summary
strace is a powerful tool that can be used to troubleshoot a wide range of issues, including file and network access, system resource usage, and program crashes. However, it should be used with caution, as it can also be used to monitor sensitive data, such as passwords and encryption keys.