How should strace be used on Linux?

LinuxOperating SystemOpen Source

Linux utility commands are what makes Linux such a powerful operating system, while there are plenty of commands that we can use to interact and get information about the signals and system calls, but the most used and preferred command when it comes to getting the information about the system calls and signals is the linux trace command.

It can be used for getting a diagnosis of the system, for monitoring specific processes or instruction tools of Linux. It has variety of use cases and some of these use cases are −

  • Print timestamp for each system call

  • Output line with clock time

  • Trace a running process

  • Intercept system calls

While these might be some of the use cases, there are plenty of cases where we can make use of strace.

Before making use of the strace tool, we must install it on our local machines. Please consider the different commands shown below for different operating systems to install strace tools on your local operating system.

For Ubuntu/Debian

sudo apt install strace

For CentOS/RedHat

yum install strace

For r Mac OS

brew install strace

Now once we have installed the strace, let’s consider a few examples where we will make use of the strace tool.

The first example shown below contains the command which will print the linux command system calls of your linux environment.

Just type the following command in your terminal −

sudo strace df -h

Output

root@Vostro-15-3568:/home/# strace df -h
execve("/bin/df", ["df", "-h"], [/ 31 vars /]) = 0
brk(NULL) = 0x888000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.preload", R_OK) = 0
open("/etc/ld.so.preload", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
close(3) = 0
open("/home/cavisson/Documents/github/cavisson/prodsrc/core/netdiagnosticsagent/goAgent/lib/tls/x86_64/libc.so.6",
O_RDONLY|O_CLOEXEC) = -1 ENOENT
.
.
.
.

Let’s run one more example where we will get the system calls that a process makes by attaching the ID of that process.

Type the following command in your terminal −

sudo strace -p pid

Replace the pid in the above example with the process id of the process that you want to get the system calls of.

Example

strace -p 1924

Output

root@Vostro-15-3568:/home/# strace -p 1616
strace: Process 1616 attached
select(11, [9 10], NULL, NULL, {0, 9427}) = 0
select(11, [9 10], NULL, NULL, {0, 10000}) = 0
.
.
.
raja
Published on 29-Jul-2021 11:34:53
Advertisements