Trace the Process and See What It is Doing with strace in Linux

By | March 6, 2014

strace is extremely useful for getting debug information on processes being ran by an application that you don’t have compiled from source (or available source).  Each line in the trace contains the system call name, followed by its arguments in parentheses and its return value.  Below are some examples:

Run strace against /bin/foo and capture its output to a text file in output.txt:

$ strace -o output.txt /bin/foo

You can strace the webserver process and see what it’s doing. For example, strace php5 fastcgi process, enter:

$ strace -p 22254 -s 80 -o /tmp/debug.lighttpd.txt

To see only a trace of the open, read system calls, enter :

$ strace -e trace=open,read -p 22254 -s 80 -o debug.webserver.txt

Where,

  • -o filename : Write the trace output to the file filename rather than to screen (stderr).
  • -p PID : Attach to the process with the process ID pid and begin tracing. The trace may be terminated at any time by a keyboard interrupt signal (hit CTRL-C). strace will respond by detaching itself from the traced process(es) leaving it (them) to continue running. Multiple -p options can be used to attach to up to 32 processes in addition to command (which is optional if at least one -p option is given).
  • -s SIZE : Specify the maximum string size to print (the default is 32).