strace command in linux

How to Use Strace Command in Linux

Linux provides many debugging tools for system administrators and software developers. Strace is one such debugging tool that allows you to track all the system messages sent and received by a process. In this article, we will look at how to use strace command in Linux.

How to Use Strace Command in Linux

How to Install Strace Command in Linux

Open terminal and run the following command to install strace command in Linux.


$ sudo apt install strace


$ sudo yum install strace

Once it is installed, you can check its version with the following command.

$ strace --version

Use Strace Command

Here is the basic syntax to run strace command.

$ strace OPTIONS command

For example, here is how to use strace command to track shell script /home/ubuntu/

$ strace /home/ubuntu/

It will list all system calls made by your script. On the last line, if you see exit status as 0 it means the script ran without any error. If exit status is -1 then it means that there was an error in execution.

Use Strace to Count System Calls

If you want to only get a count of all system calls made by a particular command or script, use -c option.

$ strace -c /home/ubuntu/

Display Specific System Calls

Strace command allows you to specify which kind of messages to be displayed in the output, using -e option. Here are the commands to display read and write signal calls.

$ strace -e trace=write /home/ubuntu/

$ strace -e trace=read /home/ubuntu/

Trace Network Calls

Similarly, you can also restrict strace to display network calls only. Here is an example to trace network call for command ‘ping -c 4’

$ strace -e trace=network ping -c 4

Trace Signal System Calls

Here is the command to display signal calls for command ‘ping -c 4’.

$ strace -e trace=signal ping -c 4

Print Timestamp of Each System Call

If you also want to print the timestamp of each system call, use -r option. As you can see below, it displays relative timestamp of each system call.

$ strace -r ping -c 4
     0.000000 execve("/bin/ping", ["ping", "", "-c", "4"], 0x7ffddf653f60                                                                                         /* 20 vars */) = 0
     0.009818 access("/etc/suid-debug", F_OK) = -1 ENOENT (No such file or direc                                                                                        tory)
     0.000182 brk(NULL)                 = 0x563bad79b000
     0.000126 fcntl(0, F_GETFD)         = 0
     0.000114 fcntl(1, F_GETFD)         = 0
     0.000075 fcntl(2, F_GETFD)         = 0
     0.000075 access("/etc/suid-debug", F_OK) = -1 ENOENT (No such file or direc                                                                                        tory)

Print Exact Time of Each System Call

If you want to display the exact time of each system call, then use the -t option.

$ strace -t /home/ubuntu/

Display Time Duration of Each System Call

If you want to print time duration of each system call then use -T option

$ strace -T /home/ubuntu/ 

Show Instruction Pointer

If you would like to see the instruction pointer for each system call, use the -i option.

$ strace -i /home/ubuntu/

Save Output of Strace Command

Finally, if you want to save the output of strace command simply use -o option followed by the file to which you want to save the output.

$ strace -o /home/ubuntu/syscall.txt /home/ubuntu/

In the above command we save the strace output to /home/ubuntu/syscall.txt file.

That’s it. In this article, we have learnt how to use strace command to trace the system calls made by a script, process or even a command in Linux. You can use these commands in all Linux distributions. It is a very useful command for software developers to easily debug their applications and fix issues quickly.

Also read:

Shell Script to Check Disk Space Usage and Send Email Alert
Shell Script to Check Memory and Send Email Alert
Linux Split File into Multiple Files
How to Schedule Reboot in Linux
How to Redirect Nohup Output to File

Leave a Reply

Your email address will not be published.