Forrest logo
back to the strace tool

strace:tldr:e7110

strace: Trace a process and filter output by system call.
$ strace -p ${pid} -e ${system_call_name}
try on your machine

The command "strace -p ${pid} -e ${system_call_name}" uses the strace utility to monitor and display the system calls invoked by a specific process identified by its process ID (${pid}).

System calls are interface functions provided by the operating system to allow processes to interact with kernel services. They are essential for tasks like reading/writing files, creating processes, allocating memory, and more.

The "-e" option is used to specify which system call(s) should be traced. ${system_call_name} represents the name of the system call. For example, if you wish to trace the "read" system call, you would replace ${system_call_name} with "read". Multiple system calls can be specified by separating them with commas or using a wildcard.

So when you run this command, strace attaches to the specified process ID and traces only the specified system call(s). It will display information such as the arguments passed, return values, and any errors encountered for the traced system call(s). This can be useful for debugging and understanding the behavior of a particular process.

This explanation was created by an AI. In most cases those are correct. But please always be careful and never run a command you are not sure if it is safe.
back to the strace tool