Copyright (c) 1990, 1993
The Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software
must display the following acknowledgement:
This product includes software developed by the University of
California, Berkeley and its contributors.
4. Neither the name of the University nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
@(#)ktrace.1 8.1 (Berkeley) 6/6/93
.Dd December 9, 2002 .Dt KTRACE 1 .Os .Sh NAME .Nm ktrace , ktruss .Nd enable kernel process tracing .Sh SYNOPSIS .Nm .Op Fl aCcdis .Op Fl f Ar trfile .Op Fl g Ar pgrp .Op Fl p Ar pid .Op Fl t Ar trstr .Nm "" .Op Fl adis .Op Fl f Ar trfile .Op Fl t Ar trstr command .Nm ktruss .Op Fl aCcdilRT .Op Fl e Ar emulation .Op Fl f Ar infile .Op Fl g Ar pgrp .Op Fl m Ar maxdata .Op Fl o Ar outfile .Op Fl p Ar pid .Op Fl t Ar trstr .Nm ktruss .Op Fl adiRT .Op Fl e Ar emulation .Op Fl m Ar maxdata .Op Fl o Ar outfile .Op Fl t Ar trstr command .Sh DESCRIPTION .Nm enables kernel trace logging for the specified processes. Kernel trace data is logged to the file
a ktrace.out . The kernel operations that are traced include system calls, namei translations, signal processing, and .Tn I/O .
p Once tracing is enabled on a process, trace data will be logged until either the process exits or the trace point is cleared. A traced process can generate enormous amounts of log data quickly; It is strongly suggested that users memorize how to disable tracing before attempting to trace a process. The following command is sufficient to disable tracing on all user owned processes, and, if executed by root, all processes:
p .Dl $ ktrace -C
p The trace file is not human readable; use .Xr kdump 1 to decode it.
p The options are as follows: l -tag -width indent t Fl a Append to the trace file instead of truncating it. t Fl C Disable tracing on all user owned processes, and, if executed by root, all processes in the system. t Fl c Clear the trace points associated with the specified file or processes. t Fl d Descendants; perform the operation for all current children of the designated processes. t Fl f Ar file Log trace records to .Ar file instead of
a ktrace.out . t Fl g Ar pgid Enable (disable) tracing on all processes in the process group (only one .Fl g flag is permitted). t Fl i Inherit; pass the trace flags to all future children of the designated processes. t Fl p Ar pid Enable (disable) tracing on the indicated process id (only one .Fl p flag is permitted). t Fl s Write to the trace file with synchronized I/O. t Fl t Ar trstr The string argument represents the kernel trace points, one per letter. The following table equates the letters with the tracepoints:
p l -tag -width flag -compact t Cm c trace system calls t Cm e trace emulation changes t Cm n trace namei translations t Cm i trace .Tn I/O t Cm s trace signal processing t Cm u trace user data t Cm m trace Mach messages when running Mach binaries with COMPAT_MACH (currently limited to i386 and powerpc ports). t Cm w trace context switches t Cm + trace the default set of trace points (c, e, i, m, n, s, u) .El t Fl e Ar emulation If an emulation of a process is unknown, interpret system call maps assuming the named emulation instead of default "netbsd". t Ar command Execute .Ar command with the specified trace flags. .El
p The .Fl p , .Fl g , and .Ar command options are mutually exclusive. .Sh EXAMPLES # trace all kernel operations of process id 34 .Dl $ ktrace -p 34
p d -literal # trace all kernel operations of processes in process group 15 and # pass the trace flags to all current and future children .Ed .Dl $ ktrace -idg 15
p # disable all tracing of process 65 .Dl $ ktrace -cp 65
p # disable tracing signals on process 70 and all current children .Dl $ ktrace -t s -cdp 70
p # enable tracing of .Tn I/O on process 67 .Dl $ ktrace -ti -p 67
p # run the command "w", tracing only system calls .Dl $ ktrace -tc w
p # disable all tracing to the file "tracedata" .Dl $ ktrace -c -f tracedata
p # disable tracing of all processes owned by the user .Dl $ ktrace -C .Sh SEE ALSO .Xr kdump 1 .Sh HISTORY The .Nm command appears in x 4.4 .
Indexes created Mon Oct 27 04:09:48 GMT 2025