Contents
Abstract
A number of programs and mechanisms, some of which are presented here, can be used to examine the status of your system. Also described are some utilities that are useful for routine work, along with their most important parameters.
For each of the commands introduced, examples of the relevant outputs are
presented. In these examples, the first line is the command itself (after
the > or # sign prompt). Omissions are indicated with square brackets
([...]
) and long lines are wrapped where necessary. Line
breaks for long lines are indicated by a backslash (\
).
# command -x -y output line 1 output line 2 output line 3 is annoyingly long, so long that \ we have to break it output line 3 [...] output line 98 output line 99
The descriptions have been kept short to allow as many utilities as possible
to be mentioned. Further information for all the commands can be found in the
man pages. Most of the commands also understand the parameter
--help
, which produces a brief list of the possible
parameters.
Use the command ldd to find out which libraries would load the dynamic executable specified as argument.
tester@linux:~> ldd /bin/ls linux-gate.so.1 => (0xffffe000) librt.so.1 => /lib/librt.so.1 (0xb7f97000) libacl.so.1 => /lib/libacl.so.1 (0xb7f91000) libc.so.6 => /lib/libc.so.6 (0xb7e79000) libpthread.so.0 => /lib/libpthread.so.0 (0xb7e67000) /lib/ld-linux.so.2 (0xb7fb6000) libattr.so.1 => /lib/libattr.so.1 (0xb7e63000)
Static binaries do not need any dynamic libraries.
tester@linux:~> ldd /bin/sash not a dynamic executable tester@linux:~> file /bin/sash /bin/sash: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.6.4, statically linked, for GNU/Linux 2.6.4, stripped
The command ltrace enables you to trace the library
calls of a process. This command is used in a similar fashion to
strace. The parameter -c
outputs the
number and duration of the library calls that have occurred:
tester@linux:~> ltrace -c find ~ % time seconds usecs/call calls function ------ ----------- ----------- --------- -------------------- 34.37 6.758937 245 27554 __errno_location 33.53 6.593562 788 8358 __fprintf_chk 12.67 2.490392 144 17212 strlen 11.97 2.353302 239 9845 readdir64 2.37 0.466754 27 16716 __ctype_get_mb_cur_max 1.18 0.231189 27 8531 strcpy 1.17 0.230765 27 8358 memcpy [...] 0.00 0.000036 36 1 textdomain ------ ----------- ----------- --------- -------------------- 100.00 19.662715 105717 total
The utility strace enables you to trace all the system calls of a process currently running. Enter the command in the normal way, adding strace at the beginning of the line:
tester@linux:~> strace ls execve("/bin/ls", ["ls"], [/* 61 vars */]) = 0 uname({sys="Linux", node="linux", ...}) = 0 brk(0) = 0x805c000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or \ directory) open("/etc/ld.so.cache", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=89696, ...}) = 0 mmap2(NULL, 89696, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7ef2000 close(3) = 0 open("/lib/librt.so.1", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000\36\0"..., 512) \ = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=36659, ...}) = 0 [...] stat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) \ = 0xb7ca7000 write(1, "bin Desktop Documents music\tM"..., 55bin Desktop Documents \ \ music Music public_html tmp ) = 55 close(1) = 0 munmap(0xb7ca7000, 4096) = 0 exit_group(0) = ?
For example, to trace all attempts to open a particular file, use the following:
tester@linux:~> strace -e open ls .bashrc open("/etc/ld.so.cache", O_RDONLY) = 3 open("/lib/librt.so.1", O_RDONLY) = 3 open("/lib/libacl.so.1", O_RDONLY) = 3 open("/lib/libc.so.6", O_RDONLY) = 3 open("/lib/libpthread.so.0", O_RDONLY) = 3 open("/lib/libattr.so.1", O_RDONLY) = 3 [...]
To trace all the child processes, use the parameter -f
.
The behavior and output format of strace can be largely controlled. For
information, see man strace.