ktrace [ -ida ] [ -f trfile ] [ command ]
$ trace -CThe trace records are binary format: use kdump(1) to display the trace records. Following is a description of the options:
-C Disable tracing on all user owned processes (if root, all processes in the system).
-f trfile Log trace records to trfile instead of "trace.out".
-t trstr The string argument represents the kernel trace points, one per letter. The following table equates the letters with the tracepoints:
c - trace system calls n - trace namei translations g - trace generic i/o (utilizing read(2)/write(2)) a - all currently implemented trace points s - trace socket i/o (unimplemented) l - trace receipt of signals (unimplemented)
-p pid Enable (disable) tracing on the indicated process id (only one -p flag allowed);
-g pgid Enable (disable) tracing on all processes in the indicated process group.
-a Append to the tracefile instead of truncating it.
-c Clear the indicated trace points.
-i Pass the trace flag to child processes on fork. Also, descend to all children of the indicated processes and set (clear) the trace flags. Be careful with this option. For example, "ktrace -cip1" will enable tracing on all processes in the system.
command Run command with the specified trace flags.
The -p, -g, and command options are mutually exclusive.
# trace system calls and namei translations of process id 34 $ ktrace -p34 # enable all trace points on processes in process group 15 and # pass the trace flags to all current and future children $ ktrace -ta -ig15 # disable all trace points on process 65 $ ktrace -ta -cp65 # disable all trace points on process 70 and all children $ ktrace -ta -cip70 # enable tracing of generic i/o on process 67 $ ktrace -tg -p67 # run the command "w" with all all trace points enabled $ ktrace -ta w # disable all tracing to the file "tracedata" $ ktrace -ta -c -f tracedata # disable tracing on all processes $ ktrace -C