Changes

Suppose some program on your system refuses to work or it works,but musch much slower then you've expected. How can you investigate yourself the reasonof such undesirable behaviour? First of all , you can read and analyze logs that this program does (if it does). It's very usefull useful to run unkindly program with<tt>--verbose</tt> argument or somehow else increase the log level, if the program allows that.

<ttpre>strace -o strace.out -ff touch /tmp/file</tt> <tt>-o strace.out</tt> option means that strace program will output all investigated informationto the file named <tt>strace.out</tt> <tt>touch /tmp/file</ttpre> is the program with arguments to strace

If Here * <tt>-o strace.out</tt> option means that strace program will output all informationto the process under file named <tt>strace (touch in our case) forks child processes, then, thanks to .out</tt>;* <tt>-ff</tt> option, child processesare straced too, and ouputs are means to strace the forked children of the program. Child straces outputs will be placed in to <tt>strace.out.PID</tt> files appropriately, where PID is a pid of the child.* <tt>touch /tmp/file</tt> is the program with arguments which is to be straced.

So this is what we have in <tt>strace.out</tt>:

StraceAnalysis of <tt>strace.out </tt>, in conjunction with reading the source code , is realy very powerfull powerful thing. So Even if you can't analyze not understand strace yurself - output yourself &mdash; send itto the developers, it'll be really helpful.

Sometimes (for example if a program works slow) you are also intersted in time, that the program spends in syscalls. Than

As you've seen strace program shows arguments of syscalls. But if arguments are a pointers it shows us only 32 bytes from these pointers.To increase this number use <tt>-s</tt> option.