ktrace(1) BSD General Commands Manual ktrace(1)
NAME
ktrace -- enable kernel process tracing
SYNOPSIS
ktrace [-aCcdi] [-f trfile] [-g pgrp | -p pid] [-t trstr] ktrace [-adi] [-f trfile] [-t trstr] command
DESCRIPTION
The ktrace command enables kernel trace logging for the specified pro- cesses. Kernel trace data is logged to the file ktrace.out. The kernel operations that are traced include system calls, namei translations, sig- nal processing, and I/O. Once tracing is enabled on a process, trace data will be logged until either the process exits or the trace point is cleared. A traced process can generate enormous amounts of log data quickly; It is strongly sug- gested that users memorize how to disable tracing before attempting to trace a process. The following command is sufficient to disable tracing on all user owned processes, and, if executed by root, all processes: $ ktrace -C The trace file is not human readable; use kdump(1) to decode it. The options are as follows: -a Append to the trace file instead of recreating it. -C Disable tracing on all user owned processes, and, if executed by root, all processes in the system. -c Clear the trace points associated with the specified file or pro- cesses. -d Descendants; perform the operation for all current children of the designated processes. -f file Log trace records to file instead of ktrace.out. -g pgid Enable (disable) tracing on all processes in the process group (only one -g flag is permitted). -i Inherit; pass the trace flags to all future children of the des- ignated processes. -p pid Enable (disable) tracing on the indicated process id (only one -p flag is permitted). -t trstr The string argument represents the kernel trace points, one per letter. The following table equates the letters with the trace- points: c trace system calls n trace namei translations i trace I/O s trace signal processing u userland traces w context switches command Execute command with the specified trace flags. The -p, -g, and command options are mutually exclusive.
EXAMPLES
# trace all kernel operations of process id 34 $ ktrace -p 34 # trace all kernel operations of processes in process group 15 and # pass the trace flags to all current and future children $ ktrace -idg 15 # disable all tracing of process 65 $ ktrace -cp 65 # disable tracing signals on process 70 and all current children $ ktrace -t s -cdp 70 # enable tracing of I/O on process 67 $ ktrace -ti -p 67 # run the command "w", tracing only system calls $ ktrace -tc w # disable all tracing to the file "tracedata" $ ktrace -c -f tracedata # disable tracing of all processes owned by the user $ ktrace -C
SEE ALSO
kdump(1)
BUGS
Only works if file is a regular file.
HISTORY
The ktrace command appeared in 4.4BSD. BSD June 6, 1993 BSD
Mac OS X 10.4 - Generated Fri Apr 29 06:58:01 CDT 2005