xref: /original-bsd/usr.bin/ktrace/ktrace.1 (revision 92ab646d) 
 KTRACE 1
 NAME
 ktrace - enable kernel process tracing

 SYNOPSIS
 ktrace [
 -Cica ]
[
 -p pid ]
[
 -g pgrp ]
[
 -f  trfile ]
[
 -t  trstr ]


 ktrace [
 -ida ] [
 -f trfile ] [ command ]

 DESCRIPTION
 Ktrace enables kernel trace logging for the specified processes. 
Kernel trace data is logged to the file "ktrace.out" in the
current directory, or to the file named with the
 -f flag.
The current set of kernel operations that can be traced
include: system calls, namei translations, signal processing, and i/o.
By default, all operations
are traced. To restrict logging to specific operations, use the
 -t flag as described below. Once tracing is enabled on a process,
trace data will be logged until either the process exits or the
trace point is cleared with the
 -c flag.
A traced process can generate enormous amounts of log
data quickly; compounded
with the action of the inherit flag, -i, tracing can become unwieldly.
It is strongly suggested that the user memorize
how to globally disable all tracing before attempting
to trace a process. The following command is sufficient to
disable tracing on all user owned processes (if root, all processes in the system):


 $ trace -C



The trace file is binary format: use kdump(1) to decode
it.
Following is a description of the options:




 -C Disable tracing on all user owned processes (if root, all processes in the
system).


 -f trfile Log trace records to trfile instead of "trace.out".


 -t trstr The string argument represents the kernel trace points, one
per letter. The following table equates the letters with the tracepoints:


 c - trace system calls
 n - trace namei translations
 i - trace I/O
 s - trace processing of signals





 -p pid Enable (disable) tracing on the indicated process id (only one -p
flag allowed);


 -g pgid Enable (disable) tracing on all processes in the indicated
process group.


 -a Append to the tracefile instead of truncating it.


 -c Clear the indicated trace points.


 -i Pass the trace flag to all future children of the
designated processes.


 -I Pass the trace flag to all current and future children of the
designated processes.


 command Run command with the specified trace flags.


The -p, -g, and command options are mutually exclusive.

 EXAMPLES
# trace all kernel operations of process id 34

 $ ktrace -p34

# trace all kernel operations of processes in process group 15 and
# pass the trace flags to all current and future children

 $ ktrace -Ig15

# disable all tracing of process 65

 $ ktrace -cp65

# disable tracing signals on process 70 and all current children

 $ ktrace -ts -cip70

# enable tracing of i/o on process 67

 $ ktrace -ti -p67

# run the command "w", tracing only system calls

 $ ktrace -tc w

# disable all tracing to the file "tracedata"

 $ ktrace -c -f tracedata

# disable tracing of all processes owned by the user

 $ ktrace -C




 SEE ALSO
 kdump(1) - display kernel trace data.