Linux strace command

11

Linux provides a wealth of debugging tools for troubleshooting services and applications. A beneficial tool to developers is the Linux strace command. The strace command is a debugging and troubleshooting tool that intercepts and records system calls made and received by a process. It provides an elaborate binary sequence from the beginning right to the end.

In this tutorial, we delve into the Linux strace command and demonstrate a few example usages.

Basic command syntax

The strace command takes the following syntax:

How to install Linux strace command

Most modern Linux distributions ship with strace utility by default. However, if strace is not installed on your system for whatever reason, follow the steps below to install it.

On Debian / Ubuntu

If you are running Debian / Ubuntu-based systems, execute:

$ sudo apt install strace

On RHEL / CentOS

$ sudo yum install strace

To verify that strace is installed, you can check its version as shown.

Let’s now check out a few example usages.

Basic strace command

In its most basic format, the strace command will trace and display system calls, the arguments (enclosed in square braces or parenthesis), and the executable call.

In the example below, we can see the arguments of running the script hello.sh, call enclosed in parenthesis in the first line.

linux strace command Linux strace command 1623235776 49 Linux strace command

At the very last line, you can see the exit status of the command, in this case, 0. This implies that the command was executed successfully without any error. An exit code of -1 signifies that an error was encountered during execution.

linux strace command Linux strace command 1623235776 650 Linux strace command

Count the system calls

If you want to get the number of system calls, use the -c option for the count as shown.

linux strace command Linux strace command 1623235777 840 Linux strace command

From the output above, you can see the number of system calls made, including making the calls.

Display specific system calls with strace

Additionally, you can choose to view the nature of system calls made with strace using the -e option followed by the nature of the system call. In the snippet shown, we have displayed the write and read system calls.

$ strace -e trace=write ./hello.sh

$ strace -e trace=read ./hello.sh

linux strace command Linux strace command 1623235778 918 Linux strace command

Trace network system calls

You can restrict strace to displaying network system calls by specifying the type of call. Here. trace=network indicates that we intend to get the network call of the network command ping 8.8.8.8 -c 4.

$ strace -e trace=network ping 8.8.8.8 -c 4

linux strace command Linux strace command 1623235778 855 Linux strace command

Trace signal system calls

For system-related calls, use the argument as indicated in the command below. The command prints out the signal-caller for the ping 8.8.8.8 -c 4 command.

$ strace -e trace=signal ping 8.8.8.8 -c 4

linux strace command Linux strace command 1623235779 625 Linux strace command

Printing the timestamp of each system call

To extract the timestamp for each system call, use the -r option as demonstrated in the following command.

$ strace -r ping 8.8.8.8 -c 4

As you can see, a relative timestamp is printed for each system call. The time difference between successive system calls is captured and recorded.

linux strace command Linux strace command 1623235779 745 Linux strace command

Display the duration spent on making system calls

In addition, you can print out the duration of time spent for every system call using the -T option as shown. The time spent is indicated in the very last column as indicated.

$ strace -T ping 8.8.8.8 -c 4

linux strace command Linux strace command 1623235780 544 Linux strace command

Display the exact time of each system call

To print the actual or exact time of the system calls, invoke the -t option as shown. The real-time or wall clock time is printed in the first column.

linux strace command Linux strace command 1623235780 853 Linux strace command

Display the instruction pointer for each call

To print the instruction pointer for every system call, use the -i option.

linux strace command Linux strace command 1623235781 860 Linux strace command

Save the output of system calls to a text file

Finally, the strace command gives you the option of saving the output to a text file, as shown.

$ strace -o sample_output.txt ./hello.sh

Here, sample_output.txt is the output file, while ./hello.sh is the command whose system calls we are tracing.

linux strace command Linux strace command 1623235781 449 Linux strace command

Wrapping up

The Strace command is a handy and powerful command-line utility that helps debug applications, commands, and processes, especially if you don’t have the source code available. It’s the go-to tool of choice for software developers and system administrators.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More