manpagez: man pages & more
man ktrace(1)
Home | html | info | man
ktrace(1)                 BSD General Commands Manual                ktrace(1)


NAME

     ktrace -- enable kernel process tracing


SYNOPSIS

     ktrace [-aCcdi] [-f trfile] [-g pgrp | -p pid] [-t trstr]
     ktrace [-adi] [-f trfile] [-t trstr] command


DESCRIPTION

     The ktrace command enables kernel trace logging for the specified pro-
     cesses.  Kernel trace data is logged to the file ktrace.out.  The kernel
     operations that are traced include system calls, namei translations, sig-
     nal processing, and I/O.

     Once tracing is enabled on a process, trace data will be logged until
     either the process exits or the trace point is cleared.  A traced process
     can generate enormous amounts of log data quickly; It is strongly sug-
     gested that users memorize how to disable tracing before attempting to
     trace a process.  The following command is sufficient to disable tracing
     on all user owned processes, and, if executed by root, all processes:

           $ ktrace -C

     The trace file is not human readable; use kdump(1) to decode it.

     The options are as follows:

     -a      Append to the trace file instead of recreating it.

     -C      Disable tracing on all user owned processes, and, if executed by
             root, all processes in the system.

     -c      Clear the trace points associated with the specified file or pro-
             cesses.

     -d      Descendants; perform the operation for all current children of
             the designated processes.

     -f file
             Log trace records to file instead of ktrace.out.

     -g pgid
             Enable (disable) tracing on all processes in the process group
             (only one -g flag is permitted).

     -i      Inherit; pass the trace flags to all future children of the des-
             ignated processes.

     -p pid  Enable (disable) tracing on the indicated process id (only one -p
             flag is permitted).

     -t trstr
             The string argument represents the kernel trace points, one per
             letter.  The following table equates the letters with the trace-
             points:

             c     trace system calls
             n     trace namei translations
             i     trace I/O
             s     trace signal processing
             u     userland traces
             w     context switches

     command
             Execute command with the specified trace flags.

     The -p, -g, and command options are mutually exclusive.


EXAMPLES

     # trace all kernel operations of process id 34
           $ ktrace -p 34

     # trace all kernel operations of processes in process group 15 and # pass
     the trace flags to all current and future children
           $ ktrace -idg 15

     # disable all tracing of process 65
           $ ktrace -cp 65

     # disable tracing signals on process 70 and all current children
           $ ktrace -t s -cdp 70

     # enable tracing of I/O on process 67
           $ ktrace -ti -p 67

     # run the command "w", tracing only system calls
           $ ktrace -tc w

     # disable all tracing to the file "tracedata"
           $ ktrace -c -f tracedata

     # disable tracing of all processes owned by the user
           $ ktrace -C


SEE ALSO

     kdump(1)


BUGS

     Only works if file is a regular file.


HISTORY

     The ktrace command appeared in 4.4BSD.

BSD                              June 6, 1993                              BSD

Mac OS X 10.4 - Generated Fri Apr 29 06:58:01 CDT 2005
© manpagez.com 2000-2017
Individual documents may contain additional copyright information.