ktrace - enable kernel process tracing
ktrace [-aCcdi] [-f trfile] [-g pgid] [-p pid] [-t trstr]
ktrace [-adi] [-f trfile] [-t trstr] command
ktrace enables kernel trace logging for the specified processes. By default,
kernel trace data is logged to the file ktrace.out,
by the -f option. The kernel operations that are
system calls, namei translations, signal processing, and
Once tracing is enabled on a process, trace data will be
logged until either
the process exits or the trace point is cleared. A
can generate enormous amounts of log data quickly; it is
that users memorize how to disable tracing before attempting to
trace a process. The following command is sufficient to
on all user owned processes, and, if executed by root, all
$ ktrace -C
The trace file is not human-readable; use kdump(1) to decode
The options are as follows:
-a Append to the trace file instead of recreating it.
-C Disable tracing on all user owned processes, and,
by root, all processes in the system.
-c Clear the trace points associated with the specified file or
-d Descendants; perform the operation for all current
the designated processes.
-f file Log trace records to file instead of ktrace.out.
-g pgid Enable (disable) tracing on all processes in the
(only one -g flag is permitted).
-i Inherit; pass the trace flags to all future children of the
-p pid Enable (disable) tracing on the indicated process
ID (only one
-p flag is permitted).
-t trstr The string argument represents the kernel trace
points, one per
letter. The default flags are c, e, i, n, and s.
table equates the letters with the tracepoints:
c trace system calls
e trace emulation changes
i trace I/O
n trace namei translations
s trace signal processing
w trace context switch points
command Execute command with the specified trace flags.
The -p, -g, and command options are mutually exclusive.
ktrace.out default ktrace dump file
# trace all kernel operations of process ID 34
$ ktrace -p 34
# trace all kernel operations of processes in process group
# pass the trace flags to all current and future children
$ ktrace -idg 15
# disable all tracing of process 65
$ ktrace -cp 65
# disable tracing signals on process 70 and all current
$ ktrace -t s -cdp 70
# enable tracing of I/O on process 67
$ ktrace -ti -p 67
# run the command "w", tracing only system calls
$ ktrace -tc w
# disable all tracing to the file "tracedata"
$ ktrace -c -f tracedata
# disable tracing of all processes owned by the user
$ ktrace -C
The ktrace command appeared in 4.4BSD.
OpenBSD 3.6 June 6, 1993
[ Back ]