Strace command in Linux with Examples

Strace is one of the most powerful process monitoring, diagnostic, and instructional tools in Linux. It also acts as a debugging tool that helps in troubleshooting issues. It is mainly used for the following purposes:

  • Debugging Programs
  • Troubleshooting Programs
  • Intercept System calls by a process
  • Record system calls by a process
  • Signals received by a process
  • Trace running processes

When the source code is not available, strace is used to analyze how a program interacts with the system in order to debug its execution. It prints the name of each system call, along with its arguments enclosed in parentheses and its return value, to standard error.

Installing strace Process Monitoring Tool

To install the strace tool use the following commands as per your Linux distribution.

In case of Debian/Ubuntu

$ sudo apt install strace

In case of CentOS/RedHat

$ sudo yum install strace

Working with Strace Process Monitoring Tool

1. To get the system call, argument, and the result of the call.

$ strace ls

Note: Here “ls” is the command whose system call is to be traced.

As can be seen, it displays the system call, arguments (in parentheses), and result of each call made by the ls command. The last line, +++ exited with 0 +++, states that the exit status is 0, which means there was no error. In case of an error, the exit code is -1.

2. To count number of system calls.

$ strace -c ls

Note: Here “ls” is the command whose system call is to be traced.

As can be seen, it displays the number of times each system call was made and the time spent in each call, and prints the totals.

3. To trace particular or specific system calls.

$ strace -e trace=write ls

Note: Here “ls” is the command whose system call is to be traced. And the name of the system call which is to be traced is write.

As can be seen, it only displays the name, arguments, and result of the write system call.

4. To trace network related system calls

$ strace -e trace=network nc -v -n 127.0.0.1 801

Note: Here “nc -v -n 127.0.0.1 801” is the command whose system calls are to be traced, and network is the group of system calls to be traced.

As can be seen, it only displays the name, arguments, and result of the network-related system calls.

5. To trace signal related system calls

$ strace -e trace=signal nc -v -n 127.0.0.1 801

Note: Here “nc -v -n 127.0.0.1 801” is the command whose system calls are to be traced, and signal is the group of system calls to be traced.

As can be seen, it only displays the name, arguments, and result of the signal-related system calls.

6. To print timestamp of each call.

$ strace -r ls

Note: Here “ls” is the command whose system call is to be traced.

As can be seen, it displays a relative timestamp upon entry to each system call. It records the time difference between the beginning of successive system calls.

7. To print time spent on system calls.

$ strace -T ls

Note: Here “ls” is the command whose system call is to be traced.

As can be seen, the time spent on each call is printed at the end of each line.

8. To print wall clock time of each system call.

$ strace -t ls

Note: Here “ls” is the command whose system call is to be traced.

As can be seen, each line is prefixed with the wall clock time of the system call.

9. To print instruction pointer.

$ strace -i ls

Note: Here “ls” is the command whose system call is to be traced.

As can be seen, the instruction pointer is printed in each line of output.

10. To print output to a file

$ strace -o output.txt ls

Note: Here “ls” is the command whose system call is to be traced. And output.txt is the name of the file in which output is to be stored.

As can be seen, the output of the command is stored in the output.txt file.
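
Once a trace has been saved with -o, the line format described at the start of this article (call name, arguments in parentheses, return value) can be post-processed. The shell functions below are an added example, not part of the original article: they count calls per system call and list the calls that returned -1 together with the error name. The sample lines are constructed, and the functions assume plain "strace -o" output without the -r, -t or -i prefixes.

```shell
#!/bin/sh
# Summarise a trace written by: strace -o output.txt <command>
# Assumed line format: name(args) = retval [ERRNO (description)]

# Constructed sample lines in strace's output format (not from a real run).
sample_trace() {
cat <<'EOF'
execve("/usr/bin/ls", ["ls"], 0x7ffd3c1e2a10 /* 24 vars */) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/root/.config", O_RDONLY) = -1 EACCES (Permission denied)
write(1, "output.txt\n", 11)            = 11
close(3)                                = 0
+++ exited with 0 +++
EOF
}

# Print "count syscall" for every system call read from stdin, sorted by name.
# Lines such as "+++ exited with 0 +++" do not match and are skipped.
count_calls() {
    awk '/^[a-z_0-9]+\(/ {
        name = $0; sub(/\(.*/, "", name)   # keep text before the first "("
        n[name]++
    }
    END { for (s in n) print n[s], s }' | sort -k2
}

# Print "syscall ERRNO" for every call whose return value is -1.
# strace pads the "=" for alignment, so any number of spaces is accepted.
failed_calls() {
    awk '/^[a-z_0-9]+\(.*\) += -1 [A-Z]/ {
        name = $0; sub(/\(.*/, "", name)
        rest = $0; sub(/.*\) += -1 /, "", rest)   # now starts at the errno name
        split(rest, f, " ")
        print name, f[1]
    }'
}

# With a file argument, analyse that trace; otherwise use the sample above.
if [ "$#" -gt 0 ]; then
    count_calls < "$1"; failed_calls < "$1"
else
    sample_trace | count_calls; sample_trace | failed_calls
fi
```

Saved as a script (the name is up to you), it takes the trace file from step 10 as its argument, for example output.txt.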
