In linux environment when you run any piece of code, any application or software. The piece of code actually maps to the some set of instructions in kernel level. To see those instructions that are being executed for that piece of code we can use this tool called strace. We will see what system calls kernel is executing.
Installation:
sudo apt-get install strace
Usage:
After this is installed you can use it. To see its options type the below command
strace -h
Keep in mind you have to run it with sudo or root.
Lets try to debug a command df
Look at the below command to do it.
strace df
You will see lot of lines coming up that were executed to get the output required. These lines consists of the kernel level function that it called for the command to complete. You can find various commands like open,stat, statfs,close, read, lseek, etc.
You can read about these functions here.
http://man7.org/linux/man-pages/man2/syscalls.2.html
Now you will be able to map what any command does at kernel level to present you with the output it needs.
Recommended books for devops and linux admin
How to attach strace to running process?
You have to find the ID of process you want to attach strace to. To do so you can simple run the below command
ps aux| grep "program matching string"
Second column in the output is your ID.
Now you can run the below command to start watching the list of system calls happening for your process.
strace -p pid
You can read about other option of strace and use it. To do so you can type
man strace
It will show all the options and arguments that you can use.
Strace is a very powerful tool when it comes to checking performance of the system. You can go through articles of
http://www.brendangregg.com/blog/2014-05-11/strace-wow-much-syscall.html
Brendan Gregg’s Blog is an awesome place to learn about system performance and stuff related to that.
This was an small introduction on how you can start using strace.
If you like the article please share and subscribe. You can also read recent articles below.
