NAME

trace − trace system calls of programs

SYNTAX

trace [options] cmd args...

DESCRIPTION

The trace command with no flag arguments traces for the given cmd and args all system calls made and prints a time stamp, the PID, call and/or return values and arguments and puts its output in the file trace.dump. 

OPTIONS

−f filename
Puts dump in file filename. 

−zEchos arguments only. 

Only one of the following option arguments can be specified at one time. 

−c#
Traces given PIDs and their children.  Up to sixteen PIDs can be specified.

−g#
Traces given groups only.  Up to sixteen Group IDs can be specified.

−p#
Traces given PIDs only.  Up to sixteen PIDs can be specified.

−s#
Traces given system calls only.  Up to sixteen PIDs can be specified.

−u#
Traces given UIDs only.  Up to sixteen PIDs can be specified.

EXAMPLES

trace -f ls.dump ls -l /dev >ls.out

runs the cmd ls -l /dev and puts the trace in ls.dump and ls output in ls.out.

trace -f csh.trace -p $$ &

will trace your login shell in the background. To stop the trace just send it a termination signal (that is, kill -TERM trace_pid).

RESTRICTIONS

Due to security, no one, not even the super-user can trace anyone elses programs. This sort of negates some of the usefulness of the -g and -u flags.  The setuid program cannot be traced. Only 16 numbers can be given to the -c, -p, -g, -u, and -s flags. 

FILES

/dev/trace read only character special device for reading syscall data. 

trace.dump default file for the system call trace data. 

SEE ALSO

open(2), close(2), ioctl(2), select(2), read(2), trace(5)

Commands