Copyright (c) 1990, 1993
The Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. Neither the name of the University nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
@(#)ktrace.1 8.1 (Berkeley) 6/6/93
.Dd February 7, 2006 .Dt KTRACE 1 .Os .Sh NAME .Nm ktrace , ktruss .Nd enable kernel process tracing .Sh SYNOPSIS .Nm .Op Fl aCcdins .Op Fl f Ar trfile .Op Fl g Ar pgrp .Op Fl p Ar pid .Op Fl t Ar trstr .Nm .Op Fl adis .Op Fl f Ar trfile .Op Fl t Ar trstr .Ar command .Nm ktruss .Op Fl aCcdilnRT .Op Fl e Ar emulation .Op Fl f Ar infile .Op Fl g Ar pgrp .Op Fl m Ar maxdata .Op Fl o Ar outfile .Op Fl p Ar pid .Op Fl t Ar trstr .Nm ktruss .Op Fl adinRT .Op Fl e Ar emulation .Op Fl m Ar maxdata .Op Fl o Ar outfile .Op Fl t Ar trstr .Op Fl v Ar vers command .Sh DESCRIPTION .Nm enables kernel trace logging for the specified processes. Kernel trace data is logged to the file
a ktrace.out . The kernel operations that are traced include system calls, namei translations, signal processing, and .Tn I/O .
p Once tracing is enabled on a process, trace data will be logged until either the process exits or the trace point is cleared. A traced process can generate enormous amounts of log data quickly; It is strongly suggested that users memorize how to disable tracing before attempting to trace a process. The following command is sufficient to disable tracing on all user owned processes, and, if executed by root, all processes:
p .Dl $ ktrace -C
p The trace file is not human readable; use .Xr kdump 1 to decode it.
p .Nm ktruss is functionally the same as .Nm ktrace except that trace output is printed on standard output or to the file specified with the .Fl o option. .Nm ktruss is useful to see the kernel operations interleaved with the program output.
p The options are as follows: l -tag -width indent t Fl a Append to the trace file instead of truncating it. t Fl C Disable tracing on all user owned processes, and, if executed by root, all processes in the system. t Fl c Clear the trace points associated with the specified file or processes. t Fl d Descendants; perform the operation for all current children of the designated processes. t Fl f Ar trfile Log trace records to .Ar trfile instead of
a ktrace.out . t Fl f Ar infile Read the trace records from .Ar infile and print them in a human readable format to standard out. t Fl g Ar pgid Enable (disable) tracing on all processes in the process group (only one .Fl g flag is permitted). t Fl i Inherit; pass the trace flags to all future children of the designated processes. t Fl l Poll the trace file for new data and print it to standard out. Only for use together with the .Fl f option. t Fl m Ar maxdata Print at most .Ar maxdata bytes of data. This is used for pointer type arguments, e.g., strings. The data will be escaped in C-style unless .Fl x is specified when it will be output in hex and ascii. t Fl n Stop tracing if attempts to write to the trace file would block. This option always affects .Nm ktruss and only affects .Nm ktrace when writing to .Dv stdout . If this flag is not set, then the traced program will block until it can write more data to the trace file descriptor. t Fl o Ar outfile Log trace records to .Ar outfile . Without this option .Nm ktruss will print its output in a human readable format to standard out. t Fl p Ar pid Enable (disable) tracing on the indicated process id (only one .Fl p flag is permitted). t Fl s Write to the trace file with synchronized I/O. t Fl R Display relative time stamps to output. t Fl T Same as the .Fl R option, but use absolute timestamps instead. t Fl t Ar trstr The string argument represents the kernel trace points, one per letter. The following table equates the letters with the tracepoints:
p l -tag -width flag -compact t Cm A trace all tracepoints t Cm a trace exec arguments t Cm c trace system calls t Cm e trace emulation changes t Cm i trace .Tn I/O t Cm l trace Mach out of line data when running Mach binaries with COMPAT_MACH (currently limited to i386 and powerpc ports). t Cm m trace Mach messages when running Mach binaries with COMPAT_MACH (currently limited to i386 and powerpc ports). t Cm n trace namei translations t Cm S trace MIB access (sysctl) t Cm s trace signal processing t Cm U trace scheduler activations upcall data t Cm u trace user data t Cm v trace exec environment t Cm w trace context switches t Cm + trace the default set of trace points (c, e, i, l, m, n, s, U, u) t Cm - do not trace following trace points .El t Fl e Ar emulation If an emulation of a process is unknown, interpret system call maps assuming the named emulation instead of default "netbsd". t Ar command Execute .Ar command with the specified trace flags. t Fl v Ar version Determines the .Ar version of the file generated. Version 0 is the compatible ktrace format, and version 1 is the new format with lwp IDs and nanosecond (instead of microsecond) timestamps. .El
p The .Fl p , .Fl g , and .Ar command options are mutually exclusive. The .Fl R and .Fl T options are also mutually exclusive. .Sh EXAMPLES # trace all kernel operations of process id 34 .Dl $ ktrace -p 34
p d -literal # trace all kernel operations of processes in process group 15 and # pass the trace flags to all current and future children .Ed .Dl $ ktrace -idg 15
p # disable all tracing of process 65 .Dl $ ktrace -cp 65
p # disable tracing signals on process 70 and all current children .Dl $ ktrace -t s -cdp 70
p # enable tracing of .Tn I/O on process 67 .Dl $ ktrace -ti -p 67
p # run the command "w", tracing only system calls .Dl $ ktrace -tc w
p # disable all tracing to the file "tracedata" .Dl $ ktrace -c -f tracedata
p # disable tracing of all processes owned by the user .Dl $ ktrace -C
p # run the command "w", displaying to standard output .Dl $ ktruss w
p # trace process 42 and log the records to "ktruss.out" .Dl $ ktruss -p 42 -o ktruss.out
p # poll ktruss.out for available records and print them .Dl $ ktruss -lf ktruss.out .Sh SEE ALSO .Xr kdump 1 .Sh HISTORY The .Nm command appears in x 4.4 .
Indexes created Sun Oct 26 21:10:03 GMT 2025