xref: /openbsd/usr.bin/ktrace/ktrace.1 (revision fc61954a)
.\"	$OpenBSD: ktrace.1,v 1.29 2016/07/18 09:36:50 guenther Exp $
.\"
.\" Copyright (c) 1990, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"	from: @(#)ktrace.1	8.1 (Berkeley) 6/6/93
.\"
.Dd $Mdocdate: July 18 2016 $
.Dt KTRACE 1
.Os
.Sh NAME
.Nm ktrace
.Nd enable kernel process tracing
.Sh SYNOPSIS
.Nm ktrace
.Op Fl aBCcdi
.Op Fl f Ar trfile
.Op Fl g Ar pgid
.Op Fl p Ar pid
.Op Fl t Ar trstr
.Nm ktrace
.Op Fl adi
.Op Fl f Ar trfile
.Op Fl t Ar trstr
.Ar command
.Sh DESCRIPTION
.Nm ktrace
enables kernel trace logging for the specified processes.
By default, kernel trace data is logged to the file
.Pa ktrace.out ,
unless overridden by the
.Fl f
option.
The kernel operations traced are system calls, namei translations,
signal processing and I/O.
.Pp
Once tracing is enabled on a process, trace data will be logged until
either the process exits or the trace point is cleared.
A traced process can generate enormous amounts of log data quickly;
it is strongly suggested that users memorize how to disable tracing before
attempting to trace a process.
The following command is sufficient to disable tracing on all user owned
processes and, if executed by root, all processes:
.Pp
.Dl $ ktrace -C
.Pp
The trace file is not human-readable; use
.Xr kdump 1
to decode it.
.Pp
The options are as follows:
.Bl -tag -width 9n
.It Fl a
Append to the trace file instead of recreating it.
.It Fl B
Set the
.Ev LD_BIND_NOW
environment variable to specify that the dynamic linker should process
relocations immediately instead of as they are encountered.
This eliminates the resulting
.Xr ld.so 1
relocation sequences.
.It Fl C
Disable tracing on all user owned processes and, if executed by root, all
processes in the system.
.It Fl c
Clear the trace points associated with the trace file or any specified
processes.
.It Fl d
Descendants; perform the operation for all current children of the
designated processes.
.It Fl f Ar trfile
Log trace records to
.Ar trfile
instead of
.Pa ktrace.out .
.It Fl g Ar pgid
Enable (disable) tracing on all processes in the process group (only one
.Fl g
flag is permitted).
.It Fl i
Inherit; pass the trace flags to all future children of the designated
processes.
.It Fl p Ar pid
Enable (disable) tracing on the indicated process ID (only one
.Fl p
flag is permitted).
.It Fl t Ar trstr
The string argument represents the kernel trace points, one per letter.
By default all trace points except for
.Cm X
are enabled.
The following table equates the letters with the trace points:
.Pp
.Bl -tag -width flag -offset indent -compact
.It Cm c
trace system calls
.It Cm i
trace I/O
.It Cm n
trace namei translations
.It Cm p
trace violation of
.Xr pledge 2
restrictions
.It Cm s
trace signal processing
.It Cm t
trace various structures
.It Cm u
trace user data coming from
.Xr utrace 2
.It Cm x
trace argument vector in
.Xr execve 2
.It Cm X
trace environment in
.Xr execve 2
.It Cm +
trace the default points
.El
.It Ar command
Execute
.Ar command
with the specified trace flags.
.El
.Pp
The
.Fl p ,
.Fl g ,
and
.Ar command
options are mutually exclusive.
.Sh FILES
.Bl -tag -width ktrace.out -compact
.It Pa ktrace.out
default ktrace dump file
.El
.Sh EXAMPLES
Trace all kernel operations of process ID 34:
.Dl $ ktrace -p 34
.Pp
Trace all kernel operations of processes in process group 15 and
pass the trace flags to all current and future children:
.Dl $ ktrace -idg 15
.Pp
Disable all tracing of process 65:
.Dl $ ktrace -cp 65
.Pp
Disable tracing signals on process 70 and all current children:
.Dl $ ktrace -t s -cdp 70
.Pp
Enable tracing of I/O on process 67:
.Dl $ ktrace -ti -p 67
.Pp
Run the command
.Xr w 1 ,
tracing only system calls:
.Dl $ ktrace -tc w
.Pp
Disable all tracing to the file "tracedata":
.Dl $ ktrace -c -f tracedata
.Pp
Disable tracing of all processes owned by the user:
.Dl $ ktrace -C
.Sh SEE ALSO
.Xr kdump 1 ,
.Xr ktrace 2 ,
.Xr utrace 2
.Sh HISTORY
The
.Nm ktrace
command appeared in
.Bx 4.4 .
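Added example, not part of the OpenBSD source: a POSIX sh wrapper for the `ktrace command` form that creates the trace file with mode 0600, appends to it with -a, and always clears the file's trace points with `ktrace -c -f` afterwards, so children that inherited tracing through -i do not keep logging. The helper names `valid_trstr` and `trace_cmd` are assumptions; only flags documented in this page are used.

```shell
#!/bin/sh
# Added example; valid_trstr and trace_cmd are hypothetical helper names.
# Only ktrace flags documented on this page are used: -a -c -f -i -t.

# Accept only the trace-point letters listed in the -t table.
valid_trstr() {
	case "$1" in
	'' | *[!cinpstuxX+]*) return 1 ;;
	esac
	return 0
}

# usage: trace_cmd trfile trstr command [arg ...]
trace_cmd() {
	[ "$#" -ge 3 ] || return 2
	_trfile=$1
	_trstr=$2
	shift 2
	valid_trstr "$_trstr" || return 2

	# I/O and execve records can hold sensitive data: create the file
	# as 0600 ourselves (noclobber), then let ktrace append to it.
	rm -f -- "$_trfile" || return 1
	(umask 077 && set -C && : >"$_trfile") || return 1

	(
		# Clear the trace points tied to this file however we leave,
		# so children that inherited tracing via -i stop logging.
		trap 'ktrace -c -f "$_trfile"' EXIT
		trap 'exit 1' HUP INT TERM
		ktrace -a -i -f "$_trfile" -t "$_trstr" "$@"
		exit "$?"
	)
}
```

For example, `trace_cmd /tmp/w.trace cnp w` runs w(1) with the system call, namei and pledge trace points; decode the result with kdump(1).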