trace(1)
NAME
trace − trace system calls of programs
SYNTAX
trace [ options ] cmd args...
DESCRIPTION
The trace command with no flag arguments traces for the given cmd and args all system calls made and prints a time stamp, the PID, call and/or return values and arguments and puts its output in the file trace.dump.
OPTIONS
−z Echo arguments only.
−f filename Put dump in file filename.
Only one of the following option arguments can be specified at one time.
−c# Trace the given PIDs and their children. Up to sixteen PIDs can be specified.
−p# Trace the given PIDs only. Up to sixteen PIDs can be specified.
−g# Trace the given groups only. Up to sixteen Group IDs can be specified
−u# Trace the given UIDs only. Up to sixteen PIDs can be specified.
−s# Trace the given system calls only. Up to sixteen PIDs can be specified.
EXAMPLES
trace -f ls.dump ls -l /dev >ls.out
runs the cmd ls -l /dev and puts the trace in ls.dump and ls output in ls.out.
trace -f csh.trace -p $$ &
will trace your login shell in the background. To stop the trace just send it a termination signal (that is, kill -TERM trace_pid).
RESTRICTIONS
Due to security, no one, not even the super-user can trace anyone elses programs. This sort of negates some of the usefulness of the -g and -u flags. The setuid program cannot be traced. Only 16 numbers can be given to the -c, -p, -g, -u, and -s flags.
FILES
/dev/trace read only character special device for reading syscall data.
trace.dump default file for the system call trace data.