Hi Shameem,
This strace option help you. Importantly <starce -e trace=open,close>
---------------------------------------------------------------------------------------------------------------------------------------------------------
-e expr
A qualifying _expression_ which modifies which events to trace or how to trace them. The format of the _expression_ is:
[qualifier=][!]value1[,value2]...
- where qualifier is one of trace, abbrev, verbose, raw, signal, read, or write and value is a
qualifier-dependent symbol or number. The default qualifier is trace. Using an exclamation mark negates the set of values. For example,
-eopen means literally -e trace=open which in turn means trace only the open system call. By contrast,
-etrace=!open means to trace every system call except open. In addition, the special values all and none have the obvious
meanings.
Note that some shells use the exclamation point for history expansion even inside quoted arguments. If so, you must escape the exclamation point with a backslash.
- -e trace=set
- Trace only the specified set of system calls. The -c option is useful for determining which system calls might be useful to trace. For example, trace=open,close,read,write means to only trace those four system calls. Be careful when making inferences about the user/kernel boundary if only a subset of system calls are being monitored. The default is trace=all.
- -e trace=file
- Trace all system calls which take a file name as an argument. You can think of this as an abbreviation for -e trace=open,stat,chmod,unlink,... which is useful to seeing what files the process is referencing. Furthermore, using the abbreviation will ensure that you don't accidentally forget to include a call like lstat in the list. Betchya woulda forgot that one.
- -e trace=process
- Trace all system calls which involve process management. This is useful for watching the fork, wait, and exec steps of a process.
- -e trace=network
- Trace all the network related system calls.
- -e trace=signal
- Trace all signal related system calls.
- -e trace=ipc
- Trace all IPC related system calls.
- -e trace=desc
- Trace all file descriptor related system calls.
- -e abbrev=set
- Abbreviate the output from printing each member of large structures. The default is abbrev=all. The -v option has the effect of abbrev=none.
- -e verbose=set
- Dereference structures for the specified set of system calls. The default is verbose=all.
- -e raw=set
Print raw, undecoded arguments for the specified set of system calls. This option has the effect of causing all arguments to be printed in hexadecimal. This is mostly useful if you don't trust the decoding or you need to know the actual numeric value of an argument.
- -e signal=set
- Trace only the specified subset of signals. The default is signal=all. For example, signal=!SIGIO (or signal=!io) causes SIGIO signals not to be traced.
- -e read=set
Perform a full hexadecimal and ASCII dump of all the data read from file descriptors listed in the specified set. For example, to see all input activity on file descriptors 3 and 5 use -e read=3,5. Note that this is independent from the normal tracing of the read(2) system call which is controlled by the option -e trace=read.
- -e write=set
- Perform a full hexadecimal and ASCII dump of all the data written to file descriptors listed in the specified set. For example, to see all output activity on file descriptors 3 and 5 use -e write=3,5. Note that this is independent from the normal tracing of the write(2) system call which is controlled by the option -e trace=write.
Regards:
Pulkit Goel
mail: vipulkit.goel@xxxxxxxxx
email@xxxxxxxxxxxxxx
Hello Vinit,
Thanks for the reply.
I have already tried that. But in a busy server, with approximately 50-100 children created per hour, It will be a very tedious task.
Do anyone know any other tools like strace ?.
Regards,
Shameem
--- On Thu, 11/26/09, vinit dhatrak <vinit.dhatrak@xxxxxxxxx> wrote:
> From: vinit dhatrak <vinit.dhatrak@xxxxxxxxx>
> Subject: Re: tracing only direct childrens
> To: "Shameem Ahamed" <shameem.ahamed@xxxxxxxxx>
> Date: Thursday, November 26, 2009, 7:31 PM
> On Thu, Nov 26, 2009 at 6:56 PM,
> Shameem Ahamed
> <shameem.ahamed@xxxxxxxxx>
> wrote:
> > Hi Guys,
> >
> > I know this is not the correct list to ask this
> question. But I am sure somebody from here can help me out.
> >
> > My problem is, i am trying to trace a currently
> running Apache root process for creation of childs using
> strace. But strace also lists the details of childs of
> childs. I want to restrict my trace only to the direct
> childrens.
> >
> > How can we do it? .
> >
> > Regards,
> > Shameem
> >
> >
> >
> >
> > --
> > To unsubscribe from this list: send an email with
> > "unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx
> > Please read the FAQ at http://kernelnewbies.org/FAQ
> >
> >
>
> I am not aware of any such direct option available for
> strace program
> but I can suggest you other ways. You can use "-p" option
> and give
> list which will include pids of root process and its
> immediate
> children if processes are already started.
>
> Or you can dump the trace output to the file rather than to
> stderr
> using "-o filename" option. If you use "-ff" to trace child
> processes
> rather than just "-f" then you will get trace output as
> "filename.pid". Now you can observe each process's trace
> separately
> per pid.
>
> Hope this helps.
>
> -Vinit
>
--
To unsubscribe from this list: send an email with
"unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx
Please read the FAQ at http://kernelnewbies.org/FAQ
