trace(1)

Name

trace − trace system calls of programs

Syntax

trace [options] cmd args...

Description

With no flag arguments, the trace command traces all system calls made by the given cmd and args. It prints a time stamp, the PID, the call and/or return values, and the arguments, and puts its output in the file trace.dump.

Options

-f filename
Puts dump in file filename.

-z
Echoes arguments only.

Only one of the following option arguments can be specified at one time.

-c#
Traces given PIDs and their children.  Up to sixteen PIDs can be specified.

-g#
Traces given groups only.  Up to sixteen Group IDs can be specified.

-p#
Traces given PIDs only.  Up to sixteen PIDs can be specified.

-s#
Traces given system calls only.  Up to sixteen PIDs can be specified.

-u#
Traces given UIDs only.  Up to sixteen PIDs can be specified.

Examples

trace -f ls.dump ls -l /dev >ls.out

runs the cmd ls -l /dev and puts the trace in ls.dump and ls output in ls.out.

trace -f csh.trace -p $$ &

will trace your login shell in the background. To stop the trace just send it a termination signal (that is, kill -TERM trace_pid).

Restrictions

For security reasons, no one, not even the super-user, can trace anyone else's programs. This sort of negates some of the usefulness of the -g and -u flags.

Setuid programs cannot be traced.

Only 16 numbers can be given to the -c, -p, -g, -u, and -s flags.

The kernel must be configured with the SYS_TRACE option for this command to work; otherwise, the message "Cannot open /dev/trace" is printed. 

Files

/dev/trace
Read-only character special device for reading syscall data.

trace.dump
Default file for the system call trace data.

See Also

open(2), close(2), ioctl(2), select(2), read(2), trace(5)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026