strace command

strace can be seen as a useful diagnostic and instructional debugger. It allows a programmer/user to quickly find out how a program is interacting with the OS. It does this by monitoring system calls and signals.

Syntax: strace -tf -s 1000 <command>

The options above add timestamps (-t), follow forks (-f), and increase the maximum printed string size to 1000 characters (-s 1000).

You can reduce the set of calls returned to just those dealing with network, file access, reads, and writes as follows:
strace -tf -s 1000 -e trace=file,network,write,read <command>

Reading strace output:

Each line in the output represents a system call. They follow the format:

system_call(argument1, argument2, ... ) = return_value

Some calls you will see often:
  • execve - the arguments show the path to the command being run followed by a list of arguments (the command itself is argument 0)
  • brk - the process requests memory
  • access - check whether the file can be read and/or written to
  • open - open the file specified
  • read - read the contents of the file
  • mmap2 - map the file contents into memory
  • close - close the file
  • uname - returns the hostname and type of system

Errors will be recorded in the return value as -1 along with an error message. One you will see a lot of is "-1 ENOENT (No such file or directory)" associated with access and open calls. The process of searching the path for a library or file will result in several "No such file" errors before the application reaches the correct directory. These can be ignored. Example:
15:57:13 open("/opt/mhash//lib/libpspell.so.15", O_RDONLY) = -1 ENOENT (No such file or directory)
15:57:13 open("/opt/tidy//lib/libpspell.so.15", O_RDONLY) = -1 ENOENT (No such file or directory)
15:57:13 open("/opt/xslt//lib/libpspell.so.15", O_RDONLY) = -1 ENOENT (No such file or directory)
15:57:13 open("/usr/lib/tls/libpspell.so.15", O_RDONLY) = -1 ENOENT (No such file or directory)
15:57:13 open("/usr/lib/sse2/libpspell.so.15", O_RDONLY) = -1 ENOENT (No such file or directory)
15:57:13 open("/usr/lib/libpspell.so.15", O_RDONLY) = 3
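
To separate that search noise from files that really are missing, the following added example (not part of the original post) parses lines in the format described above and groups ENOENT results by file name. It assumes that matching on the base name is a good enough heuristic, and the last sample line and its path are constructed for illustration.

```python
import os
import re
from collections import defaultdict

# Optional PID prefix (added by -f), optional -t timestamp, then
# system_call(arguments) = return_value [ERRNO (message)]
LINE_RE = re.compile(
    r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?(?:\d{2}:\d{2}:\d{2}\s+)?'
    r'(?P<call>\w+)\((?P<args>.*)\)\s+=\s+(?P<ret>-?\d+)(?:\s+(?P<errno>[A-Z0-9]+))?')
PATH_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')   # first quoted string argument
FILE_CALLS = {"open", "openat", "access"}

def parse_line(line):
    """Return (call, path, ret, errno) for a file-related call, else None."""
    m = LINE_RE.match(line.strip())
    if not m or m.group("call") not in FILE_CALLS:
        return None
    p = PATH_RE.search(m.group("args"))
    return (m.group("call"), p.group(1), int(m.group("ret")), m.group("errno")) if p else None

def classify_enoent(lines):
    """Separate path-search noise from names that were never found."""
    missed, found = defaultdict(list), {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        _call, path, ret, errno = rec
        name = os.path.basename(path)           # heuristic: match on base name
        if ret >= 0:
            found.setdefault(name, path)        # first location that succeeded
        elif errno == "ENOENT":
            missed[name].append(path)
    noise = {n: found[n] for n in missed if n in found}
    never = {n: paths for n, paths in missed.items() if n not in found}
    return noise, never

# First three lines come from the example above; the last one is constructed.
SAMPLE = '''\
15:57:13 open("/opt/mhash//lib/libpspell.so.15", O_RDONLY) = -1 ENOENT (No such file or directory)
15:57:13 open("/usr/lib/sse2/libpspell.so.15", O_RDONLY) = -1 ENOENT (No such file or directory)
15:57:13 open("/usr/lib/libpspell.so.15", O_RDONLY) = 3
[pid 4321] 15:57:14 openat(AT_FDCWD, "/etc/example/app.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
'''.splitlines()

if __name__ == "__main__":
    noise, never = classify_enoent(SAMPLE)
    print("found after search:", noise, "| never found:", never)
```

Names in the "never found" group are the ENOENT results worth a closer look; the rest are the ignorable search misses.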

Strace a running process

# strace -t -s 1000 -p PID

Strace cPanel (or any daemon process)

This procedure can be used to strace cpsrvd (cpanel, whm, and webmail) or any other daemon that forks child processes.

First, get the pid for cpsrvd.

# pgrep -lf cpsrvd
15916 cpsrvd (SSL) - waiting for c --llu=1346080602 --listen=3,4,5,6,7,8

# strace -f -o cpsrvd_strace -p 15916

Strace connectivity from your host to google.com

# strace -o google_strace -e trace=network nc google.com 80

Thank you.
