Also you have to say the kernel what system calls to trace by -t parameter. -t parameter has following options:
c trace system calls
n trace namei translations
i trace I/O
s trace signal processing
t trace various structures
u userland traces
w context switches
+ trace the default set of trace points - c, n, i, s, t, u
While tracing is going in kernel , logging stops when the process stops execution or trace popint ends. The other way is to use -c parameter of the ktrace and provide the pid of the process to stop tracing any further.
to trace and log any running processes simply use the -p parameter and pass the process number (pid) to ktrace. here is a simple example with ktrace to trace find command:
# ktrace -t+w /usr/bin/find /
and following is a short snippet from the log created by ktrace and dispayled using kdump utility
# kdump -f ktrace.out
The log file created by ktrace can be read with kdump utility. Simply pass your ktrace log filename to kdump with -f parameter.
No comments:
Post a Comment