read the transcript!
overwhelmed by all the system calls. you don’t understand? Try
strace -e open
and it’ll just show you opens. much simpler!
-f is for follow
Does your program start subprocesses! lots do!
-f to see what those are doing too. Or just always use
-f! That’s what I do.
-p is for PID
“OH NO I STARTED THE PROGRAM 6 HOURS AGO AND NOW I WANT TO STRACE IT”
Do not worry! Just find your process’s PID (like 747) and
strace -p 747
(tip: if the process runs as root you’ll need to be root, too because SECURITY)
-s is for strings!!
Sometimes I’m looking at the output of a recvfrom and it’s like:
recvfrom (6, “And then the monster…”)
and OH NO THE SUSPENSE.
strace -s 800 will show you the first 800 characters of each string. I use it all the time!
-o is for output!
Let’s get real. No matter what, strace prints too much damn output. Use
strace -o too_much_stuff.txt and sort through it later.
Have no idea which file the file descriptor “3” refers to?
-y is a flag in newer versions of strace, and it’ll show you filenames instead of just numbers!
Putting it all together:
Want to spy on an ssh session?
strace -f -o ssh.txt ssh juliabox.com
Want to see what files a Dropbox sync process is opening? (with PID: 230)
strace -f -p230 -e open