#137 Linux  03.06.2007

Process examination with strace


One of the most useful commands in the Linux toolbox is strace. It helps whenever the activity of a process needs to be investigated. strace traces system calls and signals. The names of the system calls, their arguments and their return values are displayed on STDERR or written to a file. The output of the traced command itself is written to STDOUT. strace starts a program and traces it until it exits. It is also possible to attach to an already running process.

Trace the command free
strace free

Trace only the open system calls of free
strace -e trace=open free

Trace all system calls except open (bash)
strace -e trace=\!open free

Trace all network related system calls of ifconfig
strace -e trace=network ifconfig

strace prints the system calls to stderr. The following command prints these system calls and the output of free itself into one single file.
strace free > /tmp/strace.txt 2>&1

Trace an already running process
strace -p PID

See the man page for more features.
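
An added example (not part of the original post): shell functions that read a combined file like the /tmp/strace.txt written above and pull out the failed calls, a per-syscall count, and the program's own output. The trace text is a constructed sample and the function names are chosen for this example.

```shell
#!/bin/sh
# Records have the form  name(args) = retval [ERRNO (text)].

# Constructed sample resembling `strace free > /tmp/strace.txt 2>&1`:
# strace records and the program's own output end up in one stream.
sample_trace() {
cat <<'EOF'
execve("/usr/bin/free", ["free"], 0x7ffd0 /* 20 vars */) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/lib/libproc.so", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/proc/meminfo", O_RDONLY) = 3
read(3, "MemTotal: 1024 kB\n", 1024) = 18
             total       used       free
Mem:          1024        512        512
write(1, "Mem: 1024 512 512\n", 18) = 18
close(3) = 0
exit_group(0) = ?
+++ exited with 0 +++
EOF
}

# Print "count syscall" for every traced call, most frequent first.
syscall_counts() {
    awk 'match($0, /^[a-z_0-9]+\(/) && / = / {
             n[substr($0, 1, RLENGTH - 1)]++
         }
         END { for (s in n) print n[s], s }' | sort -k1,1nr -k2,2
}

# Print "syscall errno path" for calls that returned -1.
failed_calls() {
    awk 'match($0, /^[a-z_0-9]+\(/) && / = -1 [A-Z]+/ {
             name = substr($0, 1, RLENGTH - 1)
             split($0, q, "\"")        # q[2] is the first quoted argument
             err = $0; sub(/.* = -1 /, "", err); sub(/ .*/, "", err)
             print name, err, q[2]
         }'
}

# Print only the traced program's output (lines that are not strace records).
program_output() {
    grep -Ev '^[a-z_0-9]+\(.*\) += |^(\+\+\+|---) '
}

# Demo on the constructed sample; for a real log: failed_calls < /tmp/strace.txt
sample_trace | failed_calls
```

On current systems the same file accesses usually show up as openat rather than open; the name pattern above matches either.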