4.3BSD-Reno/share/man/cat1/ktrace.0
KTRACE(1) UNIX Reference Manual KTRACE(1)
N�NA�AM�ME�E
k�kt�tr�ra�ac�ce�e - enable kernel process tracing
S�SY�YN�NO�OP�PS�SI�IS�S
k�kt�tr�ra�ac�ce�e [-�-C�Ci�ic�ca�a] [-�-p�p _�p_�i_�d] [-�-g�g _�p_�g_�r_�p] [-�-f�f _�t_�r_�f_�i_�l_�e] [-�-t�t _�t_�r_�s_�t_�r]
k�kt�tr�ra�ac�ce�e [-�-i�id�da�a] [-�-f�f _�t_�r_�f_�i_�l_�e] [command]
D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
K�Kt�tr�ra�ac�ce�e enables kernel trace logging for the specified processes. Kernel
trace data is logged to the file `_�k_�t_�r_�a_�c_�e._�o_�u_�t' in the current directory,
or to the file named with the -�-f�f flag. The current set of kernel opera-
tions that can be traced include: system calls, namei translations, sig-
nal processing, and i/o. By default, all operations are traced. To res-
trict logging to specific operations, use the -�-t�t flag as described below.
Once tracing is enabled on a process, trace data will be logged until ei-
ther the process exits or the trace point is cleared with the -�-c�c flag. A
traced process can generate enormous amounts of log data quickly; com-
pounded with the action of the inherit flag, -�-i�i, tracing can become
unwieldly. It is strongly suggested that the user memorize how to glo-
bally disable all tracing before attempting to trace a process. The fol-
lowing command is sufficient to disable tracing on all user owned
processes (if root, all processes in the system):
$ trace -C
The trace file is binary format: use kdump(1) to decode it. Following is
a description of the options:
-�-C�C Disable tracing on all user owned processes (if root, all processes
in the system).
-�-f�f _�t_�r_�f_�i_�l_�e
Log trace records to _�t_�r_�f_�i_�l_�e instead of ``_�t_�r_�a_�c_�e._�o_�u_�t''.
-�-t�t _�t_�r_�s_�t_�r
The string argument represents the kernel trace points, one per
letter. The following table equates the letters with the
tracepoints:
c�c trace system calls
n�n trace namei translations
i�i trace I/O
s�s trace processing of signals
-�-p�p _�p_�i_�d
Enable (disable) tracing on the indicated process id (only one -�-p�p
flag allowed);
-�-g�g _�p_�g_�i_�d
Enable (disable) tracing on all processes in the indicated process
group.
-�-a�a Append to the tracefile instead of truncating it.
-�-c�c Clear the indicated trace points.
-�-i�i Pass the trace flag to all future children of the designated
processes.
-�-I�I Pass the trace flag to all current and future children of the
designated processes.
_�c_�o_�m_�m_�a_�n_�d
Run _�c_�o_�m_�m_�a_�n_�d with the specified trace flags.
The -�-p�p, -�-g�g, and command options are mutually exclusive.
E�EX�XA�AM�MP�PL�LE�ES�S
# trace all kernel operations of process id 34
$ ktrace -p34
# trace all kernel operations of processes in process group 15 and
# pass the trace flags to all current and future children
$ ktrace -Ig15
# disable all tracing of process 65
$ ktrace -cp65
# disable tracing signals on process 70 and all current children
$ ktrace -ts -cip70
# enable tracing of i/o on process 67
$ ktrace -ti -p67
# run the command "w", tracing only system calls
$ ktrace -tc w
# disable all tracing to the file "tracedata"
$ ktrace -c -f tracedata
# disable tracing of all processes owned by the user
$ ktrace -C
S�SE�EE�E A�AL�LS�SO�O
kdump(1) - display kernel trace data.
H�HI�IS�ST�TO�OR�RY�Y
4.4 BSD.