Problem: You want to know what an unfamiliar process is doing
Solution: To attach to a running process and trace its system calls:
# strace -p pid
To trace network system calls, plus read and write, for a command:
# strace -e trace=network,read,write command
For example:
# strace -e trace=network,read,write finger katie@server1.example.com
Run strace against /bin/sshd and write the trace to output.txt:
$ strace -o output.txt /bin/sshd
You can also strace a web server process to see what it is doing. For example, to trace an Apache process, enter:
$ strace -p 22254 -s 80 -o /tmp/debug.httpd.txt
To see only the open and read system calls, enter:
$ strace -e trace=open,read -p 22254 -s 80 -o debug.apache.txt
-o filename : Write the trace output to the file filename rather than to screen (stderr).
-p PID : Attach to the process with the process ID pid and begin tracing. The trace may be terminated at any time by a keyboard interrupt signal (hit CTRL-C). strace will respond by detaching itself from the traced process(es) leaving it (them) to continue running. Multiple -p options can be used to attach to up to 32 processes in addition to command (which is optional if at least one -p option is given).
-s SIZE : Specify the maximum string size to print (the default is 32).
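Once a trace has been written with -o, the next step is usually to pull out which files the process opened, where it connected, and which calls failed. The following Python parser is an added example, not part of the original post. The sample trace is constructed, and the connect() address layout it matches is the one recent strace versions print for AF_INET and AF_UNIX sockets (an assumption about your strace version).

```python
import re
from collections import Counter

# One completed syscall line: optional PID prefix (present when several
# processes share one -o file), then name(args) = return [ERRNO].
LINE = re.compile(r'^(?:(?P<pid>\d+)\s+)?(?P<call>\w+)\((?P<args>.*)\)\s+=\s+'
                  r'(?P<ret>-?\d+|\?)(?:\s+(?P<err>E[A-Z0-9]+))?')
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')   # first string argument
INET = re.compile(r'sin_port=htons\((\d+)\), sin_addr=inet_addr\("([^"]+)"\)')
UNIX = re.compile(r'sun_path="([^"]+)"')

# Constructed sample of an -o output file; not captured from a real host.
SAMPLE = r'''
22254 openat(AT_FDCWD, "/etc/hosts", O_RDONLY|O_CLOEXEC) = 3
22254 read(3, "127.0.0.1 localhost\n", 4096) = 20
22254 open("/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied)
22254 connect(4, {sa_family=AF_INET, sin_port=htons(79), sin_addr=inet_addr("192.0.2.10")}, 16) = 0
22254 write(4, "katie\r\n", 7) = 7
22254 read(4,  <unfinished ...>
22255 connect(5, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
22254 <... read resumed> "Login: katie\n", 4096) = 13
22254 +++ exited with 0 +++
'''

def summarize(trace_text):
    """Return files opened, connect() targets, failed calls and call counts."""
    out = {"files": [], "connects": [], "failed": [], "calls": Counter(), "skipped": 0}
    for line in trace_text.splitlines():
        m = LINE.match(line.strip())
        if not m:   # unfinished/resumed halves, signal and exit markers
            out["skipped"] += bool(line.strip())
            continue
        pid, call, args, err = m["pid"], m["call"], m["args"], m["err"]
        out["calls"][call] += 1
        if err:
            out["failed"].append((pid, call, err))
        if call in ("open", "openat", "creat") and (q := QUOTED.search(args)):
            out["files"].append((pid, q[1], err))
        elif call == "connect":
            if (a := INET.search(args)):
                out["connects"].append((pid, f"{a[2]}:{a[1]}", err))
            elif (u := UNIX.search(args)):
                out["connects"].append((pid, f"unix:{u[1]}", err))
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The parser accepts openat as well as open because current Linux C libraries usually issue openat, so a filter of trace=open,read on its own can show no file opens at all. Paths longer than the -s limit are truncated in the trace, so raise -s when the full file name matters.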