Table of Content

General

strace traces system calls and signals and is an invaluable tool for gathering context when debugging.

Commands

CommandsDescription
-cPrint a histogram of the number of system calls and the time spent at the termination of strace.
-e trace=[syscalls]Trace only specified syscalls
--trace=[syscalls]Trace only specified syscalls (same as -e trace=)
-fFollow threads and child processes that are created. Useful option because many programs will spawn additional processes or threads to do work.
-p [pid]attaches to running pid
-s [size]Print [size] characters per string displayed. This is useful if you are trying to trace what a program is writing to a file descriptor.
-tPrint the time of day at the start of each line.
-TPrint time spent in system call. This can be useful if you are trying to determine if a particular system call is taking a lot of time to return

Filter by type of syscall

Used by parameter -e

SyscallDescription
openTrace syscalls open on filesystemk.
closeTrace syscalls close on filesystemk.
readTrace syscalls read on filesystemk.
writTrace syscalls writ on filesystemk.
%descTrace all file descriptor related system calls.
%fileTrace all system calls which take a file name as an argument.
%fstatTrace fstat and fstatat syscall variants.
%fstatfsTrace fstatfs, fstatfs64, fstatvfs, osf_fstatfs, and osf_fstatfs64 system calls.
%ipcTrace all IPC related system calls.
%lstatTrace lstat syscall variants.
%memoryTrace all memory mapping related system calls.
%networkTrace all the network related system calls.
%processTrace all system calls which involve process management.
%pureTrace syscalls that always succeed and have no arguments.
%signalTrace all signal related system calls.
%statTrace stat syscall variants.
%statfsTrace statfs, statfs64, statvfs, osf_statfs, and osf_statfs64 system calls.
%%statTrace syscalls used for requesting file status.
%%statfsTrace syscalls related to file system statistics.

Examples

$ strace -Tfe trace=open,read,write ./my_script.sh
$ strace -fp 1337 -e trace=open,read,write

$ strace -c ls > /dev/null
% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
 89.76    0.008016           4      1912           getdents
  8.71    0.000778           0     11778           lstat
  0.81    0.000072           0      8894           write
  0.60    0.000054           0       943           open
  0.11    0.000010           0       942           close
  0.00    0.000000           0         1           read
  0.00    0.000000           0       944           fstat
  0.00    0.000000           0         8           mmap
  0.00    0.000000           0         4           mprotect
  0.00    0.000000           0         1           munmap
  0.00    0.000000           0         7           brk
  0.00    0.000000           0         3         3 access
  0.00    0.000000           0         1           execve
  0.00    0.000000           0         1           sysinfo
  0.00    0.000000           0         1           arch_prctl
------ ----------- ----------- --------- --------- ----------------
100.00    0.008930                 25440         3 total