from Hacker News

Strace - The Sysadmin's Microscope (2010)

by jswanson on 8/30/12, 9:56 AM with 7 comments

  • by jbert on 8/30/12, 11:38 AM

    strace is fantastic. Since it captures the detail of (nearly) all interactions between the process and the outside world, you can use it to answer many questions.

    Why isn't this process invocation picking up my changed lib file? (strace, see if the changed file is being opened)

    What are the exact http req/responses being made during the problem? (strace server or proxy with large -s value to see all read/write/sendmsg/recvmsg etc)

    This tool fails when run as user X, probably a perms problem but which file? (strace, look for EPERM failures, probably to open())

    Which /proc files are necessary to the operation of tool X (useful when checking what will and won't run in a sandbox like dotcloud)?

    Main restrictions that I know of (in practice only the first is sometimes a problem to me):

    - http/ssl hides the buffer info from 'strace -s'. Another good reason for ssl offloading :-)
    - IO can occur via memory reads/writes after mmap(), which strace can't see

    ltrace is a pretty nice complement too (trace inside dynamically loaded libs).
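
Added example, not part of jbert's comment or the linked article: the file-level questions listed above (was the changed lib opened, which open failed on permissions, which /proc files are read) answered by parsing a saved trace. It assumes output as written by `strace -f -o FILE -e trace=open,openat`; the trace lines, paths and PIDs are constructed.

```python
import re

# Constructed sample in `strace -f -o FILE` layout (PID prefix); not from a real run.
SAMPLE_TRACE = '''\
4021  openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
4021  openat(AT_FDCWD, "/usr/local/lib/libfoo.so.1", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
4021  openat(AT_FDCWD, "/usr/lib/libfoo.so.1", O_RDONLY|O_CLOEXEC) = 3
4021  openat(AT_FDCWD, "/proc/self/status", O_RDONLY) = 4
4022  openat(AT_FDCWD, "/var/lib/tool/state.db", O_RDWR|O_CREAT, 0600 <unfinished ...>
4021  open("/proc/meminfo", O_RDONLY) = 5
4022  <... openat resumed>) = -1 EACCES (Permission denied)
4021  +++ exited with 0 +++
'''

CALL = re.compile(r'^(\d+)\s+(?:open|openat)\((?:[^,"]+, )?"((?:[^"\\]|\\.)*)"')
RESUMED = re.compile(r'^(\d+)\s+<\.\.\. (?:open|openat) resumed>')
DONE = re.compile(r'\)\s+= (-?\d+)(?: (E[A-Z0-9]+) \([^)]*\))?$')

def parse_opens(trace):
    """Return (pid, path, errno_name_or_None) for each completed open/openat."""
    pending, out = {}, []
    for line in trace.splitlines():
        call, resumed = CALL.match(line), RESUMED.match(line)
        if call and '<unfinished ...>' in line:
            pending[call.group(1)] = call.group(2)  # result arrives on a later line
            continue
        if call:
            pid, path = call.group(1), call.group(2)
        elif resumed and resumed.group(1) in pending:
            pid = resumed.group(1)
            path = pending.pop(pid)  # join the split call back to its path
        else:
            continue  # exit markers, signals, other syscalls
        done = DONE.search(line)
        if done:
            out.append((pid, path, done.group(2)))
    return out

def permission_failures(opens):
    """Opens that failed with EACCES or EPERM, as (pid, path)."""
    return [(pid, path) for pid, path, err in opens if err in ('EACCES', 'EPERM')]

def proc_files(opens):
    """/proc paths the traced processes opened successfully."""
    return sorted({p for _, p, err in opens if err is None and p.startswith('/proc/')})

def lib_lookups(opens, name):
    """Every attempt to open a path containing `name`, in order, with its outcome."""
    return [(p, err or 'ok') for _, p, err in opens if name in p]
```

With `-f`, a call interrupted by another process is split into an `<unfinished ...>` line and a later `resumed` line, so grepping single lines for the error name loses the path; the parser joins the two per PID.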

  • by 3amOpsGuy on 8/30/12, 2:13 PM

    Strace is excellent for anything crossing the syscall boundary. Often though, we want to see interactions across library boundaries.

    A handy addition to the warrior's toolkit: http://linux.die.net/man/1/ltrace !

  • by reirob on 8/30/12, 12:50 PM

    Actually this tool is not only for sysadmins - it is very helpful for developers. I know there are other tools like gdb, etc. But if you have to use (calling from your program) other programs, or if the library that you use does something strange, then strace is a shortcut.

    From this article I learned that strace can be called to analyse an already running process (-p).

  • by tocomment on 8/30/12, 1:07 PM

    I've always been trying to find a program that will parse the strace output and create a call graph showing which programs call which programs and how long they run for.

    Has anyone seen anything like that? I think I've searched pretty extensively.

  • by krenoten on 8/30/12, 2:11 PM

    If you're on a BSD descendant check out dtrace instead - it's got a small learning curve but it's an unbelievably powerful tracer.