Skip to main content

strace

Introduction

This cheat sheet provides a quick reference for some common strace commands and concepts. strace is a command-line tool used for tracing system calls and signals in Linux and Unix-like operating systems.

strace Concepts

Basic strace Usage

strace is used for monitoring system calls made by a program.

  • Trace a program's system calls:

    strace command [arguments]

  • Trace a running process by its PID:

    strace -p PID

Output Control

Control the output format and verbosity of strace traces.

  • Write trace output to a file:

    strace -o output.txt command

  • Increase or decrease the level of detail:

    strace -v command
    strace -vv command

Filtering

Filter the output to focus on specific system calls.

  • Trace only a specific system call (e.g., open):

    strace -e trace=open command

  • Exclude specific system calls from the trace:

    strace -e trace=!open command

  • Trace calls only for a specific process (by name or PID):

    strace -e trace=open -p PID

Timing Information

Gather timing information for system calls.

  • Display timestamps for each call:

    strace -t command

  • Display relative timestamps:

    strace -r command

Signal Tracing

Trace signals sent to a process.

  • Trace signals sent to a process: 
    strace -e trace=signal command

Network Tracing

Trace network-related system calls.

  • Trace network-related calls (e.g., socket, connect): 
    strace -e trace=network command

strace Command-Line

  • Trace a program's system calls:

    strace command [arguments]

  • Trace a running process by its PID:

    strace -p PID

  • Write trace output to a file:

    strace -o output.txt command

  • Increase or decrease the level of detail:

    strace -v command
    strace -vv command

  • Trace only a specific system call (e.g., open):

    strace -e trace=open command

  • Exclude specific system calls from the trace:

    strace -e trace=!open command

  • Trace calls only for a specific process (by name or PID):

    strace -e trace=open -p PID

  • Display timestamps for each call:

    strace -t command

  • Display relative timestamps:

    strace -r command

  • Trace signals sent to a process:

    strace -e trace=signal command

  • Trace network-related calls (e.g., socket, connect):

    strace -e trace=network command

Conclusion

This cheat sheet covers some common strace commands and concepts. strace is a valuable tool for tracing system calls and signals in Linux and Unix-like operating systems, aiding in debugging and performance analysis; refer to the strace manual for more in-depth information and advanced usage.