Annotation of src/usr.bin/ktrace/ktrace.1, Revision 1.27
1.27 ! guenther 1: .\" $OpenBSD: ktrace.1,v 1.26 2015/09/07 15:38:45 guenther Exp $
1.9 aaron 2: .\"
1.1 deraadt 3: .\" Copyright (c) 1990, 1993
4: .\" The Regents of the University of California. All rights reserved.
5: .\"
6: .\" Redistribution and use in source and binary forms, with or without
7: .\" modification, are permitted provided that the following conditions
8: .\" are met:
9: .\" 1. Redistributions of source code must retain the above copyright
10: .\" notice, this list of conditions and the following disclaimer.
11: .\" 2. Redistributions in binary form must reproduce the above copyright
12: .\" notice, this list of conditions and the following disclaimer in the
13: .\" documentation and/or other materials provided with the distribution.
1.12 millert 14: .\" 3. Neither the name of the University nor the names of its contributors
1.1 deraadt 15: .\" may be used to endorse or promote products derived from this software
16: .\" without specific prior written permission.
17: .\"
18: .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
19: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21: .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
22: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28: .\" SUCH DAMAGE.
29: .\"
30: .\" from: @(#)ktrace.1 8.1 (Berkeley) 6/6/93
31: .\"
1.27 ! guenther 32: .Dd $Mdocdate: September 7 2015 $
1.1 deraadt 33: .Dt KTRACE 1
1.7 aaron 34: .Os
1.1 deraadt 35: .Sh NAME
36: .Nm ktrace
37: .Nd enable kernel process tracing
38: .Sh SYNOPSIS
39: .Nm ktrace
1.23 guenther 40: .Op Fl aBCcdi
1.1 deraadt 41: .Op Fl f Ar trfile
1.14 jmc 42: .Op Fl g Ar pgid
1.1 deraadt 43: .Op Fl p Ar pid
44: .Op Fl t Ar trstr
45: .Nm ktrace
46: .Op Fl adi
47: .Op Fl f Ar trfile
48: .Op Fl t Ar trstr
1.6 aaron 49: .Ar command
1.1 deraadt 50: .Sh DESCRIPTION
1.6 aaron 51: .Nm ktrace
1.1 deraadt 52: enables kernel trace logging for the specified processes.
1.8 aaron 53: By default, kernel trace data is logged to the file
54: .Pa ktrace.out ,
55: unless overridden by the
56: .Fl f
57: option.
1.20 jmc 58: The kernel operations traced are system calls, namei translations,
59: signal processing, I/O and emulation changes.
1.1 deraadt 60: .Pp
61: Once tracing is enabled on a process, trace data will be logged until
62: either the process exits or the trace point is cleared.
63: A traced process can generate enormous amounts of log data quickly;
1.8 aaron 64: it is strongly suggested that users memorize how to disable tracing before
1.1 deraadt 65: attempting to trace a process.
66: The following command is sufficient to disable tracing on all user owned
1.25 jmc 67: processes and, if executed by root, all processes:
1.1 deraadt 68: .Pp
1.14 jmc 69: .Dl $ ktrace -C
1.1 deraadt 70: .Pp
1.6 aaron 71: The trace file is not human-readable; use
1.1 deraadt 72: .Xr kdump 1
73: to decode it.
74: .Pp
75: The options are as follows:
1.24 miod 76: .Bl -tag -width 9n
1.1 deraadt 77: .It Fl a
1.5 deraadt 78: Append to the trace file instead of recreating it.
1.23 guenther 79: .It Fl B
80: Set the
81: .Ev LD_BIND_NOW
82: environment variable to specify that the dynamic linker should process
83: relocations immediately instead of as they are encountered.
84: This eliminates the resulting
85: .Xr ld.so 1
86: relocation sequences.
1.1 deraadt 87: .It Fl C
1.25 jmc 88: Disable tracing on all user owned processes and, if executed by root, all
1.1 deraadt 89: processes in the system.
90: .It Fl c
1.20 jmc 91: Clear the trace points associated with the trace file or any specified
92: processes.
1.1 deraadt 93: .It Fl d
94: Descendants; perform the operation for all current children of the
95: designated processes.
1.17 jmc 96: .It Fl f Ar trfile
1.1 deraadt 97: Log trace records to
1.18 jmc 98: .Ar trfile
1.1 deraadt 99: instead of
100: .Pa ktrace.out .
1.7 aaron 101: .It Fl g Ar pgid
1.1 deraadt 102: Enable (disable) tracing on all processes in the process group (only one
103: .Fl g
104: flag is permitted).
105: .It Fl i
106: Inherit; pass the trace flags to all future children of the designated
107: processes.
1.7 aaron 108: .It Fl p Ar pid
1.6 aaron 109: Enable (disable) tracing on the indicated process ID (only one
1.1 deraadt 110: .Fl p
111: flag is permitted).
1.7 aaron 112: .It Fl t Ar trstr
1.1 deraadt 113: The string argument represents the kernel trace points, one per letter.
1.11 deraadt 114: The default flags are
1.13 jmc 115: .Cm c ,
116: .Cm e ,
117: .Cm i ,
118: .Cm n ,
1.21 otto 119: .Cm s ,
1.24 miod 120: .Cm t ,
1.27 ! guenther 121: .Cm u ,
1.22 jmc 122: and
1.27 ! guenther 123: .Cm x .
1.1 deraadt 124: The following table equates the letters with the tracepoints:
125: .Pp
1.14 jmc 126: .Bl -tag -width flag -offset indent -compact
1.1 deraadt 127: .It Cm c
128: trace system calls
129: .It Cm e
130: trace emulation changes
131: .It Cm i
1.14 jmc 132: trace I/O
1.11 deraadt 133: .It Cm n
134: trace namei translations
1.1 deraadt 135: .It Cm s
136: trace signal processing
1.21 otto 137: .It Cm t
138: trace various structures
1.24 miod 139: .It Cm u
140: trace user data coming from
141: .Xr utrace 2
1.27 ! guenther 142: .It Cm x
! 143: trace argument vector in
! 144: .Xr execve 2
! 145: .It Cm X
! 146: trace environment in
! 147: .Xr execve 2
1.20 jmc 148: .It Cm +
149: trace the default points
1.1 deraadt 150: .El
151: .It Ar command
152: Execute
153: .Ar command
154: with the specified trace flags.
155: .El
156: .Pp
157: The
158: .Fl p ,
159: .Fl g ,
160: and
161: .Ar command
162: options are mutually exclusive.
1.13 jmc 163: .Sh FILES
164: .Bl -tag -width ktrace.out -compact
165: .It Pa ktrace.out
166: default ktrace dump file
167: .El
1.1 deraadt 168: .Sh EXAMPLES
1.16 jmc 169: Trace all kernel operations of process ID 34:
1.1 deraadt 170: .Dl $ ktrace -p 34
1.16 jmc 171: .Pp
172: Trace all kernel operations of processes in process group 15 and
173: pass the trace flags to all current and future children:
1.1 deraadt 174: .Dl $ ktrace -idg 15
175: .Pp
1.16 jmc 176: Disable all tracing of process 65:
1.1 deraadt 177: .Dl $ ktrace -cp 65
178: .Pp
1.16 jmc 179: Disable tracing signals on process 70 and all current children:
1.1 deraadt 180: .Dl $ ktrace -t s -cdp 70
181: .Pp
1.16 jmc 182: Enable tracing of I/O on process 67:
1.1 deraadt 183: .Dl $ ktrace -ti -p 67
184: .Pp
1.16 jmc 185: Run the command
186: .Xr w 1 ,
187: tracing only system calls:
1.1 deraadt 188: .Dl $ ktrace -tc w
189: .Pp
1.16 jmc 190: Disable all tracing to the file "tracedata":
1.1 deraadt 191: .Dl $ ktrace -c -f tracedata
192: .Pp
1.16 jmc 193: Disable tracing of all processes owned by the user:
1.1 deraadt 194: .Dl $ ktrace -C
195: .Sh SEE ALSO
1.15 grunk 196: .Xr kdump 1 ,
1.24 miod 197: .Xr ktrace 2 ,
198: .Xr utrace 2
1.1 deraadt 199: .Sh HISTORY
200: The
201: .Nm ktrace
1.6 aaron 202: command appeared in
1.1 deraadt 203: .Bx 4.4 .