*Hi Shameem, * This *strace* option help you. Importantly *<starce -e trace=open,close>*
--------------------------------------------------------------------------------------------------------------------------------------------------------- *-e* *expr* A qualifying expression which modifies which events to trace or how to trace them. The format of the expression is: [*qualifier**=*][*!*]*value1*[*,**value2*]... where *qualifier* is one of *trace*, *abbrev*, *verbose*, *raw*, *signal*, * read*, or *write* and *value* is a qualifier-dependent symbol or number. The default qualifier is *trace*. Using an exclamation mark negates the set of values. For example, *-eopen* means literally *-e trace=open* which in turn means trace only the *open* system call. By contrast, *-etrace=!open* means to trace every system call except *open*. In addition, the special values * all* and *none* have the obvious meanings. Note that some shells use the exclamation point for history expansion even inside quoted arguments. If so, you must escape the exclamation point with a backslash. *-e trace=**set* Trace only the specified set of system calls. The *-c*option is useful for determining which system calls might be useful to trace. For example, *trace=open,close,read,write* means to only trace those four system calls. Be careful when making inferences about the user/kernel boundary if only a subset of system calls are being monitored. The default is *trace=all*. *-e trace=file* Trace all system calls which take a file name as an argument. You can think of this as an abbreviation for *-e trace=open,stat,chmod,unlink,*... which is useful to seeing what files the process is referencing. Furthermore, using the abbreviation will ensure that you don't accidentally forget to include a call like *lstat* in the list. Betchya woulda forgot that one. *-e trace=process* Trace all system calls which involve process management. This is useful for watching the fork, wait, and exec steps of a process. *-e trace=network* Trace all the network related system calls. *-e trace=signal* Trace all signal related system calls. *-e trace=ipc* Trace all IPC related system calls. *-e trace=desc* Trace all file descriptor related system calls. *-e abbrev=**set* Abbreviate the output from printing each member of large structures. The default is * abbrev=all*. The *-v* option has the effect of *abbrev=none*. *-e verbose=** set* Dereference structures for the specified set of system calls. The default is *verbose=all*. *-e raw=**set* Print raw, undecoded arguments for the specified set of system calls. This option has the effect of causing all arguments to be printed in hexadecimal. This is mostly useful if you don't trust the decoding or you need to know the actual numeric value of an argument. *-e signal=**set* Trace only the specified subset of signals. The default is *signal=all*. For example, *signal=!SIGIO* (or *signal=!io*) causes SIGIO signals not to be traced. *-e read=**set* Perform a full hexadecimal and ASCII dump of all the data read from file descriptors listed in the specified set. For example, to see all input activity on file descriptors 3 and 5 use *-e read=3,5*. Note that this is independent from the normal tracing of the *read<http://linux.die.net/man/2/read> *(2) system call which is controlled by the option *-e trace=read*. *-e write=**set* Perform a full hexadecimal and ASCII dump of all the data written to file descriptors listed in the specified set. For example, to see all output activity on file descriptors 3 and 5 use *-e write=3,5*. Note that this is independent from the normal tracing of the *write<http://linux.die.net/man/2/write> *(2) system call which is controlled by the option *-e trace=write*. *Regards:* Pulkit Goel *mail:* [email protected] [email protected] On Thu, Nov 26, 2009 at 7:49 PM, Shameem Ahamed <[email protected]>wrote: > Hello Vinit, > > Thanks for the reply. > > I have already tried that. But in a busy server, with approximately 50-100 > children created per hour, It will be a very tedious task. > > Do anyone know any other tools like strace ?. > > Regards, > Shameem > > --- On Thu, 11/26/09, vinit dhatrak <[email protected]> wrote: > > > From: vinit dhatrak <[email protected]> > > Subject: Re: tracing only direct childrens > > To: "Shameem Ahamed" <[email protected]> > > Cc: [email protected] > > Date: Thursday, November 26, 2009, 7:31 PM > > On Thu, Nov 26, 2009 at 6:56 PM, > > Shameem Ahamed > > <[email protected]> > > wrote: > > > Hi Guys, > > > > > > I know this is not the correct list to ask this > > question. But I am sure somebody from here can help me out. > > > > > > My problem is, i am trying to trace a currently > > running Apache root process for creation of childs using > > strace. But strace also lists the details of childs of > > childs. I want to restrict my trace only to the direct > > childrens. > > > > > > How can we do it? . > > > > > > Regards, > > > Shameem > > > > > > > > > > > > > > > -- > > > To unsubscribe from this list: send an email with > > > "unsubscribe kernelnewbies" to [email protected] > > > Please read the FAQ at http://kernelnewbies.org/FAQ > > > > > > > > > > I am not aware of any such direct option available for > > strace program > > but I can suggest you other ways. You can use "-p" option > > and give > > list which will include pids of root process and its > > immediate > > children if processes are already started. > > > > Or you can dump the trace output to the file rather than to > > stderr > > using "-o filename" option. If you use "-ff" to trace child > > processes > > rather than just "-f" then you will get trace output as > > "filename.pid". Now you can observe each process's trace > > separately > > per pid. > > > > Hope this helps. > > > > -Vinit > > > > > > > -- > To unsubscribe from this list: send an email with > "unsubscribe kernelnewbies" to [email protected] > Please read the FAQ at http://kernelnewbies.org/FAQ > >
