[root@k8s harbortest]# strace -h
Usage: strace[-ACdffhikqqrtttTvVwxxyyzZ][-I N][-b execve][-e EXPR]...
[-a COLUMN][-o FILE][-s STRSIZE][-X FORMAT][-O OVERHEAD][-S SORTBY][-P PATH]... [-p PID]... [-U COLUMNS][--seccomp-bpf]{-p PID |[-DDD][-E VAR=VAL]... [-u USERNAME] PROG [ARGS]}
or: strace -c[dfwzZ][-I N][-b execve][-e EXPR]... [-O OVERHEAD][-S SORTBY][-P PATH]... [-p PID]... [-U COLUMNS][--seccomp-bpf]{-p PID |[-DDD][-E VAR=VAL]... [-u USERNAME] PROG [ARGS]}
General:
-e EXPR a qualifying expression: OPTION=[!]all or OPTION=[!]VAL1[,VAL2]...
options: trace, abbrev, verbose, raw, signal, read, write, fault,
inject, status, quiet, kvm, decode-fds
Startup:
-EVAR=VAL, --env=VAR=VAL
put VAR=VAL in the environment forcommand-E VAR, --env=VAR
remove VAR from the environment forcommand-p PID, --attach=PID
trace process with process id PID, may be repeated
-u USERNAME, --user=USERNAME
run command as USERNAME handling setuid and/or setgid
Tracing:
-b execve, --detach-on=execve
detach on execve syscall
-D, --daemonize[=grandchild]
run tracer process as a grandchild, not as a parent
-DD, --daemonize=pgroup
run tracer process in a separate process group
-DDD, --daemonize=session
run tracer process in a separate session
-f, --follow-forks
follow forks
-ff, --follow-forks --output-separately
follow forks with output into separate files
-I INTERRUPTIBLE, --interruptible=INTERRUPTIBLE
1, anywhere: no signals are blocked
2, waiting: fatal signals are blocked while decoding syscall (default)3, never: fatal signals are always blocked (default if'-o FILE PROG')4, never_tstp: fatal signals and SIGTSTP (^Z) are always blocked
(useful to make'strace -o FILE PROG' not stop on ^Z)
Filtering:
-etrace=[!]{[?]SYSCALL[@64|@32|@x32]|[?]/REGEX|GROUP|all|none},
--trace=[!]{[?]SYSCALL[@64|@32|@x32]|[?]/REGEX|GROUP|all|none}
trace only specified syscalls.
groups: %clock, %creds, %desc, %file, %fstat, %fstatfs %ipc, %lstat,
%memory, %net, %process, %pure, %signal, %stat, %%stat,
%statfs, %%statfs
-esignal=SET, --signal=SET
trace only the specified set of signals
print only the signals from SET
-estatus=SET, --status=SET
print only system calls with the return statuses in SET
statuses: successful, failed, unfinished, unavailable, detached
-PPATH, --trace-path=PATH
trace accesses to PATH
-z, --successful-only
print only syscalls that returned without an error code
-Z, --failed-only
print only syscalls that returned with an error code
Output format:
-a COLUMN, --columns=COLUMN
alignment COLUMN for printing syscall results (default 40)-eabbrev=SET, --abbrev=SET
abbreviate output for the syscalls in SET
-everbose=SET, --verbose=SET
dereference structures for the syscall in SET
-eraw=SET, --raw=SET
print undecoded arguments for the syscalls in SET
-eread=SET, --read=SET
dump the data read from the file descriptors in SET
-ewrite=SET, --write=SET
dump the data written to the file descriptors in SET
-equiet=SET, --quiet=SET
suppress various informational messages
messages: attach, exit, path-resolution, personality, thread-execve
-ekvm=vcpu, --kvm=vcpu
print exit reason of kvm vcpu
-e decode-fds=SET, --decode-fds=SET
what kinds of file descritor information details to decode
details: dev (device major/minor for block/char device files)
path (file path),
pidfd (associated PID for pidfds),
socket (protocol-specific information for socket descriptors)
-i, --instruction-pointer
print instruction pointer at time of syscall
-k, --stack-traces
obtain stack trace between each syscall
-o FILE, --output=FILE
send trace output to FILE instead of stderr
-A, --output-append-mode
open the file provided in the -o option in append mode
--output-separately
output into separate files (by appending pid to file names)
-q, --quiet=attach,personality
suppress messages about attaching, detaching, etc.
-qq, --quiet=attach,personality,exit
suppress messages about process exit status as well.
-qqq, --quiet=all
suppress all suppressible messages.
-r, --relative-timestamps[=PRECISION]
print relative timestamp
precision: one of s, ms, us, ns; default is microseconds
-s STRSIZE, --string-limit=STRSIZE
limit length of print strings to STRSIZE chars (default 32)
--absolute-timestamps=[[format:]FORMAT[,[precision:]PRECISION]]set the format of absolute timestamps
format: none, time, or unix; default is time
precision: one of s, ms, us, ns; default is seconds
-t, --absolute-timestamps[=time]
print absolute timestamp
-tt, --absolute-timestamps=[time,]us
print absolute timestamp with usecs
-ttt, --absolute-timestamps=unix,us
print absolute UNIX time with usecs
-T, --syscall-times[=PRECISION]
print time spent in each syscall
precision: one of s, ms, us, ns; default is microseconds
-v, --no-abbrev
verbose mode: print entities unabbreviated
-x, --strings-in-hex=non-ascii
print non-ascii strings in hex
-xx, --strings-in-hex[=all]
print all strings in hex
-X FORMAT, --const-print-style=FORMAT
set the FORMAT for printing of named constants and flags
formats: raw, abbrev, verbose
-y, --decode-fds[=path]
print paths associated with file descriptor arguments
-yy, --decode-fds=all
print all available information associated with file
descriptors in addition to paths
Statistics:
-c, --summary-only
count time, calls, and errors for each syscall and report
summary
-C, --summary like -c, but also print the regular output
-O OVERHEAD[UNIT], --summary-syscall-overhead=OVERHEAD[UNIT]set overhead for tracing syscalls to OVERHEAD UNITs
units: one of s, ms, us, ns; default is microseconds
-S SORTBY, --summary-sort-by=SORTBY
sort syscall counts by: time, min-time, max-time, avg-time,
calls, errors, name, nothing (default time)-UCOLUMNS, --summary-columns=COLUMNS
show specific columns in the summary report: comma-separated
list of time-percent, total-time, min-time, max-time,
avg-time, calls, errors, name
(default time-percent,total-time,avg-time,calls,errors,name)
-w, --summary-wall-clock
summarise syscall latency (default is system time)
Tampering:
-einject=SET[:error=ERRNO|:retval=VALUE][:signal=SIG][:syscall=SYSCALL][:delay_enter=DELAY][:delay_exit=DELAY][:when=WHEN],
--inject=SET[:error=ERRNO|:retval=VALUE][:signal=SIG][:syscall=SYSCALL][:delay_enter=DELAY][:delay_exit=DELAY][:when=WHEN]
perform syscall tampering for the syscalls in SET
delay: microseconds or NUMBER{s|ms|us|ns}
when: FIRST[..LAST][+[STEP]]-efault=SET[:error=ERRNO][:when=WHEN], --fault=SET[:error=ERRNO][:when=WHEN]
synonym for-e inject with default ERRNO set to ENOSYS.
Miscellaneous:
-d, --debugenable debug output to stderr
-h, --help print help message
--seccomp-bpf enable seccomp-bpf filtering
-V, --version print version
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
