strace is a debugging tool on Linux used to monitor system calls made by a program and all the signals it receives, similar to the "truss" tool on other Unix systems. It's made possible through a Linux kernel feature called ptrace.
The most common use is to launch a program using strace, which displays a list of system calls made by the program. This is useful when a program continually crashes or doesn't behave as expected. For example, using strace can reveal that the program is trying to access a file that doesn't exist or can't be read.
Another use is to use the -p option to attach it to a running program. This is useful when a program stops responding, and can reveal, for example, that the process is blocked waiting to make a network connection.
Since strace only details system calls, it can't be used as a code debugger like Gdb. However, it remains simpler to use than a code debugger and is an extremely useful tool for system administrators.
In this documentation, I won't discuss ltrace much because its usage is quite similar to strace.
The -f option of strace traces child processes as they are created by currently traced processes following the fork system call.
All you need to do is analyze the lines to see the issue. This can be tedious depending on the number of lines, but generally the information about your problem is here.
Redirecting Output to a File
If we want to redirect all of strace's output (initially on error output) to a file using the -o option:
As you now know, strace works on error output, so if you want to work on it with grep or other commands on-the-fly (without redirecting to a file), you'll need to use redirection:
# Reading an l from the keyboardread(10,"l"...,1)=1# Writing the l to the screen (the one it just read)write(10,"l"...,1)=1# Reading the sread(10,"s"...,1)=1# writing the swrite(10,"\10ls"...,3)=3# reading the enter key (in C)read(10,""..., 1) = 1write(10,""..., 2) = 2alarm(0)=0ioctl(10,SNDCTL_TMR_STOPorTCSETSW,{B38400opostisigicanonecho...})=0time(NULL)=1229629587pipe([3,4])=0gettimeofday({1229629587,864550},{0,0})=0# clone ----> a new process is created, in fact fork() executes the clone system call, the new pid is 4024clone(child_stack=0,flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,child_tidptr=0xb7ddd998)=4024close(4)=0read(3,""...,1)=0close(3)=0rt_sigprocmask(SIG_BLOCK,[CHLD],[CHLD],8)=0rt_sigsuspend([])=?ERESTARTNOHAND(Toberestarted)---SIGCHLD(Childexited)@0(0)---rt_sigprocmask(SIG_BLOCK,~[RTMINRT_1],[CHLD],8)=0rt_sigprocmask(SIG_SETMASK,[CHLD],~[KILLSTOPRTMINRT_1],8)=0# The end of the child process (4024)wait4(-1,[{WIFEXITED(s)&&WEXITSTATUS(s)==0}],WNOHANG|WSTOPPED,{ru_utime={0,0},ru_stime={0,0},...})=4024gettimeofday({1229629587,867012},{0,0})=0ioctl(10,SNDCTL_TMR_TIMEBASEorTCGETS,{B38400opostisigicanonecho...})=0ioctl(10,TIOCGPGRP,[4024])=0ioctl(10,TIOCSPGRP,[3982])=0ioctl(10,TIOCGWINSZ,{ws_row=38,ws_col=127,ws_xpixel=1270,ws_ypixel=758})=0wait4(-1,0xbfe3f48c,WNOHANG|WSTOPPED,0xbfe3f434)=-1ECHILD(Nochildprocesses)# It wonders what time it is :-)time(NULL)=1229629587ioctl(10,TIOCSPGRP,[3982])=0fstat64(0,{st_mode=S_IFCHR|0620,st_rdev=makedev(136,3),...})=0fcntl64(0,F_GETFL)=0x2(flagsO_RDWR)# It wonders under which UID it is runninggetuid32()=1000# It rewrites the promptwrite(1,"\33]0;phil@philpep.ath.cx ~\7"...,26)=26rt_sigprocmask(SIG_BLOCK,[CHLD],[CHLD],8)=0# It asks again what time it istime(NULL)=1229629587rt_sigaction(SIGINT,{0x80a8fd0,[],SA_INTERRUPT},NULL,8)=0write(10,"\33[1m\33[3m%\33[23m\33[1m\33[0m "...,149)=149time(NULL)=1229629587# It opens the file /etc/localtimestat64("/etc/localtime",{st_mode=S_IFREG|0644,st_size=2945,...})=0ioctl(10,FIONREAD,[0])=0ioctl(10,TIOCSPGRP,[3982])=0ioctl(10,SNDCTL_TMR_STOPorTCSETSW,{B38400opostisig-icanon-echo...})=0write(10,"\33[0m\33[23m\33[24m\33[J\33[01;30m[\33[01;3"..., 105) = 105write(10,"\33[K\33[81C \33[01;30m18/12/08 20:46:"...,46)=46# It waits for a new inputread(10,Process3982detached