How it works...

Strace monitors the system calls that running processes make into the Linux kernel. It uses the ptrace() system call to do so. This means that other programs that use ptrace(), such as gdb, cannot trace the same process at the same time.

Strace is a disruptive monitoring tool, and the process being monitored will slow down and create many more context switches. A generic way of running strace on a given program is:

strace -f -e <filter> -t -s<num> -o <log file>.strace <program> 

The arguments are as follows:

  • -f: Tells strace to trace all child processes.
  • -e: Filters the output to a selection of comma-separated system calls.
  • -t: Prints absolute timestamps. Use -r for timestamps relative to the last syscall, and -T to add the time spent in the syscall.
  • -s: Increases the maximum length of strings from the default of 32.
  • -o: Redirects the output to a file that can then be analyzed offline.

It can also attach to running processes using the following command:

$ strace -p $( pgrep <program> ) 

Or several instances of a process using the following command:

$ strace $( pgrep <program> | sed 's/^/-p /' )

To detach, just press Ctrl + C.
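As an added example (not code from the book), the following script shows the kind of offline analysis the -o option makes possible: it summarizes a log written with -f, -t and -T into calls, failures and total time per syscall. The function names and the sample log are constructed for illustration, and the log layout assumed is the one strace writes with -f and -o (PID, timestamp, then the call).

```shell
#!/bin/sh
# Summarize a log written by: strace -f -t -T -o <log file>.strace <program>
# Assumed layout per line: PID, -t timestamp, call, result, -T duration.

# Constructed sample log (not captured from a real run).
write_sample_log() {
    cat > "$1" <<'EOF'
4100 10:15:01 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 <0.000020>
4100 10:15:01 read(3, "\177ELF\2\1\1\0"..., 832) = 832 <0.000010>
4100 10:15:01 openat(AT_FDCWD, "/etc/app.conf", O_RDONLY) = -1 ENOENT (No such file or directory) <0.000015>
4101 10:15:01 connect(4, {sa_family=AF_INET, sin_port=htons(8080), sin_addr=inet_addr("127.0.0.1")}, 16 <unfinished ...>
4100 10:15:01 read(3, "", 4096) = 0 <0.000005>
4101 10:15:02 <... connect resumed>) = -1 ECONNREFUSED (Connection refused) <1.000100>
4101 10:15:02 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4102, si_uid=1000, si_status=0, si_utime=0, si_stime=0} ---
4100 10:15:02 +++ exited with 0 +++
EOF
}

# Print "syscall calls errors total_seconds", slowest syscall first.
summarize_strace() {
    awk '
        # Only completed calls end in the -T duration, e.g. <0.000020>.
        # This skips "<unfinished ...>", signal (---) and exit (+++) lines.
        $NF !~ /^<[0-9]+\.[0-9]+>$/ { next }
        {
            if ($3 == "<...") name = $4            # "<... connect resumed>"
            else { name = $3; sub(/\(.*/, "", name) }
            secs = $NF; gsub(/[<>]/, "", secs)
            calls[name]++; total[name] += secs
            # A failed call shows "= -1 ERRNO (text)" before the duration.
            if ($0 ~ / = -1 E[A-Z0-9]+ /) errors[name]++
        }
        END {
            for (n in calls)
                printf "%s %d %d %.6f\n", n, calls[n], errors[n] + 0, total[n]
        }
    ' "$1" | LC_ALL=C sort -k4,4 -nr
}

# Stand-alone use: sh summarize.sh <log file>.strace
if [ "$#" -gt 0 ]; then
    summarize_strace "$1"
fi
```

Calls interrupted by another process appear twice in an -f log; only the "resumed" line carries the result and duration, which is why the "unfinished" half is skipped.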
