ÀÌ ¹®¼­´Â strace ¸Å´º¾óÀ» ¹ÙÅÁÀ¸·Î ¿¹¸¦ µé¾î°¡¸é¼­ ¼³¸íÇÑ ±ÛÀÔ´Ï´Ù. ¼³¸í¹®À̶ó Á¸´ë´Â »ç¿ëÇÏÁö ¾Ê¾ÒÀ¸¹Ç·Î ¾çÇØÇϽñ⠹ٶø´Ï´Ù. °³ÀÎÀûÀ¸·Î´Â qmail, vpopmail, apache µð¹ö±ë¿¡ À¯¿ëÇÏ°Ô »ç¿ëÇÑ ÀûÀÌ Àִµ¥ strace¸¦ Àß »ç¿ëÇÑ´Ù¸é ¸¹Àº ³­Á¦µéÀ» ½±°Ô ÇØ°áÇÒ ¼ö ÀÖÀ¸¸®¶ó »ý°¢µË´Ï´Ù. strace´Â ½Ã½ºÅÛ ÄÝ°ú ½Ã±×³ÎÀ» ÃßÀûÇÏ´Â ÇÁ·Î±×·¥À̸ç ÇÁ·Î±×·¥ÀÇ ¹®Á¦¸¦ ºÐ¼®ÇÏ°í µð¹ö±ëÇϴµ¥ À¯¿ëÇÏ´Ù. ½Ã½ºÅÛ °ü¸®ÀÚ, ºÐ¼®°¡, Æ®·¯ºí ½´ÅͶó¸é strace¸¦ »ç¿ëÇϹǷνá ÇÁ·Î±×·¥À» ÀçÄÄÆÄÀÏÇÒ ÇÊ¿ä°¡ ¾ø±â ¶§¹®¿¡ ÇÁ·Î±×·¥ÀÇ ¼Ò½º°¡ °¡¿ëÇÏÁö ¾ÊÀ» ¶§ »ç¿ëÇÏ¸é ¸Å¿ì À¯¿ëÇÒ °ÍÀÌ´Ù. »ç¿ë °¡´ÉÇÑ ¿É¼Ç strace [ -dffhiqrtttTvxx ] [ -acolumn ] [ -eexpr ] ... [ -ofile ] [ -ppid ] ... [ -sstrsize ] [ -uusername ] [ -Evar=val ] ... [ -Evar ] ... [ command [ arg ... ] ] strace -c [ -eexpr ] ... [ -Ooverhead ] [ -Ssortby ] [ command [ arg ... ] ] À§¿Í °°ÀÌ ´Ù¾çÇÑ ¿É¼ÇÀÌ ÀÖÁö¸¸ »ç¿ë ¹æ¹ýÀº Å©°Ô ÇÁ·Î¼¼½º ¾ÆÀ̵ð·Î ÃßÀûÇÏ´À³Ä ¶Ç´Â command·Î ÃßÀûÇÏ´À³Ä µÎ°¡ÁöÀÌ¸ç ¿©±â¿¡ ¿É¼ÇµéÀ» Ãß°¡Çؼ­ Ãâ·ÂÀ» Á¶ÀÛÇÒ ¼ö ÀÖ´Ù. -c °¢°¢ÀÇ ½Ã½ºÅÛ ÄÝ¿¡ ´ëÇÑ ½Ã°£, ÄÝ °³¼ö, ¿¡·¯¸¦ Ä«¿îÆ®ÇÏ°í ÇÁ·Î±×·¥ Å»Ã⠽à º¸°íµÈ´Ù. ¿¹) [root@linux root]# strace -c ls execve("/bin/ls", ["ls"], [/* 24 vars */]) = 0 Desktop bin install.log.syslog nsmail snmp_setup.sh EGAVGA.BGI bsd_snmp_setup.sh less-378-8KR.src.rpm p_test source ElectricFence-2.2.2-11.i386.rpm c_test libr.pl p_test_old src % time seconds usecs/call calls errors syscall ------ ----------- ----------- --------- --------- ---------------- 47.97 0.007413 674 11 write 15.00 0.002318 211 11 1 open 8.75 0.001352 169 8 read 6.99 0.001080 60 18 old_mmap 5.63 0.000870 87 10 close 3.19 0.000493 123 4 munmap 2.55 0.000394 36 11 fstat64 1.87 0.000289 72 4 2 rt_sigaction 1.84 0.000285 143 2 getdents64 1.75 0.000271 271 1 set_thread_area 1.20 0.000186 47 4 brk 1.06 0.000164 55 3 mmap2 0.66 0.000102 102 1 uname 0.61 0.000095 48 2 ioctl 0.28 0.000044 44 1 fcntl64 0.24 0.000037 37 1 getrlimit 0.22 0.000034 34 1 set_tid_address 0.17 0.000027 27 1 rt_sigprocmask ------ ----------- ----------- --------- --------- ---------------- 100.00 0.015454 94 3 total -f ÃßÀû ÁßÀÎ ÇÁ·Î¼¼½º°¡ forkÇÑ ÀÚ½Ä ÇÁ·Î¼¼½ºµéÀ» ÃßÀûÇÑ´Ù. ¿¹) [root@linux root]# strace -f -r -p 11551 Process 11551 attached - interrupt to quit select(0, NULL, NULL, NULL, {0, 440000}) = 0 (Timeout) time(NULL) = 1077928680 waitpid(-1, 0xbfe9692c, WNOHANG) = 0 select(0, NULL, NULL, NULL, {1, 0}) = 0 (Timeout) time(NULL) = 1077928681 waitpid(-1, 0xbfe9692c, WNOHANG) = 0 select(0, NULL, NULL, NULL, {1, 0}) = 0 (Timeout) time(NULL) = 1077928682 waitpid(-1, 0xbfe9692c, WNOHANG) = 0 ... [pid 11551] 0.008273 waitpid(-1, 0xbfe9692c, WNOHANG) = 0 [pid 11551] 0.002466 select(0, NULL, NULL, NULL, {1, 0} [pid 14442] 0.004551 --- SIGSTOP (Stopped (signal)) @ 0 (0) --- ... [pid 11551] 0.004858 time(NULL) = 1077928738 [pid 11551] 0.002505 waitpid(-1, 0xbfe9692c, WNOHANG) = 0 [pid 11551] 0.003191 select(0, NULL, NULL, NULL, {1, 0} Process 11551 detached Process 14442 detached [pid 14442]ó·³ [] ¾È¿¡ ÇÁ·Î¼¼½º ¾ÆÀ̵𰡠ºÎ¸ð ÇÁ·Î¼¼½º¿Í ÀÚ½Ä ÇÁ·Î¼¼½ºÀÇ ¾ÆÀ̵𸦠º¸¿©Áָ鼭 ÀÚ½Ä ÇÁ·Î¼¼½º±îÁö ÃßÀûÇÏ°í ÀÖ´Ù. -r °¢ ½Ã½ºÅÛ ÄÝ¿¡ ´ëÇÑ ¿£Æ®¸® »óÀÇ °ü·Ã ŸÀÓ½ºÅÆÇÁ¸¦ Ãâ·ÂÇÑ´Ù. ÀÌ´Â ¼º°øÇÑ ½Ã½ºÅÛ ÄݵéÀÌ ½ÃÀÛµÈ ½Ã°£ »çÀÌÀÇ ½Ã°£Â÷¸¦ ±â·ÏÇÑ´Ù. ¿¹) [root@linux root]# strace -r ls 0.000000 execve("/bin/ls", ["ls"], [/* 24 vars */]) = 0 0.002387 uname({sys="Linux", node="linux.braineyes.com", ...}) = 0 0.006998 brk(0) = 0x849f000 0.002207 open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory) 0.004006 open("/etc/ld.so.cache", O_RDONLY) = 3 0.004462 fstat64(3, {st_mode=S_IFREG|0644, st_size=55211, ...}) = 0 0.002907 old_mmap(NULL, 55211, PROT_READ, MAP_PRIVATE, 3, 0) = 0xbf5d8000 0.002233 close(3) = 0 0.004835 open("/lib/tls/librt.so.1", O_RDONLY) = 3 -t °¢ ¶óÀο¡ ½Ã°£À» Ãâ·ÂÇÑ´Ù. ¿¹) [root@linux root]# strace -t -p 14460 Process 14460 attached - interrupt to quit 09:50:04 select(0, NULL, NULL, NULL, {0, 380000}) = 0 (Timeout) 09:50:04 time(NULL) = 1077929404 09:50:04 waitpid(-1, 0xbfeb66bc, WNOHANG) = 0 09:50:04 select(0, NULL, NULL, NULL, {1, 0}) = 0 (Timeout) 09:50:05 time(NULL) = 1077929405 09:50:05 waitpid(-1, 0xbfeb66bc, WNOHANG) = 0 09:50:05 select(0, NULL, NULL, NULL, {1, 0}) = 0 (Timeout) 09:50:06 time(NULL) = 1077929406 09:50:06 waitpid(-1, 0xbfeb66bc, WNOHANG) = 0 09:50:06 select(0, NULL, NULL, NULL, {1, 0}) = 0 (Timeout) 09:50:07 time(NULL) = 1077929407 09:50:10 select(0, NULL, NULL, NULL, {1, 0} -T ½Ã½ºÅÛ ÄÝ¿¡ ¼Ò¿äµÈ ½Ã°£À» Ãâ·ÂÇÑ´Ù. ¿¹) [root@linux root]# strace -T -p 14460 Process 14460 attached - interrupt to quit select(0, NULL, NULL, NULL, {0, 480000}) = 0 (Timeout) <0.475699> time(NULL) = 1077929488 <0.000835> waitpid(-1, 0xbfeb66bc, WNOHANG) = 0 <0.001862> select(0, NULL, NULL, NULL, {1, 0}) = 0 (Timeout) <0.998481> time(NULL) = 1077929489 <0.000717> waitpid(-1, 0xbfeb66bc, WNOHANG) = 0 <0.000616> select(0, NULL, NULL, NULL, {1, 0}) = 0 (Timeout) <0.998707> time(NULL) = 1077929490 <0.000819> select(5, NULL, [4], NULL, {0, 0}) = 1 (out [4], left {0, 0}) <0.000875> waitpid(-1, 0xbfeb66bc, WNOHANG) = 0 <0.000717> select(0, NULL, NULL, NULL, {1, 0}) = 0 (Timeout) <0.995155> time(NULL) = 1077929491 <0.000875> waitpid(-1, 0xbfeb66bc, WNOHANG) = 0 <0.002018> select(0, NULL, NULL, NULL, {1, 0}) = 0 (Timeout) <0.998356> time(NULL) = 1077929492 <0.000713> waitpid(-1, 0xbfeb66bc, WNOHANG) = 0 <0.000604> select(0, NULL, NULL, NULL, {1, 0}) = 0 (Timeout) <0.999052> time(NULL) = 1077929493 <0.001457> waitpid(-1, 0xbfeb66bc, WNOHANG) = 0 <0.000825> select(0, NULL, NULL, NULL, {1, 0} Process 14460 detached -e expr ÃßÀûÇÒ À̺¥Æ®°¡ ¾î¶² °ÍÀÎÁö ±×°ÍÀ» ¾î¶»°Ô ÃßÀûÇÒ °ÍÀÎÁö¸¦ º¯°æÇÏ´Â ÇÑÁ¤ Ç¥Çö½ÄÀ̸ç Ç¥Çö½ÄÀÇ ÇüÅ´ ´ÙÀ½°ú °°´Ù. [qualifier=][!]value1[,value2]... ¸¸¾à open Äݸ¸À» ÃßÀûÇÑ´Ù¸é -eopenÀ̶ó´Â ¿É¼ÇÀ» Ãß°¡Çϸç ÀÌ´Â -e trace=open°ú °°´Ù. ¹Ý´ë·Î open Äݸ¸À» Á¦¿ÜÇÏ°íÀÚ ÇÑ´Ù¸é -e!open À̶ó°í ÇÏ¸é µÈ´Ù. !À̴ ƯÁ¤ ½©(sh, bash, csh µî)¿¡¼­ history È®ÀåÀ» À§ÇØ »ç¿ëÇϹǷΠÀ̸¦ ÇÇÇϱâ À§Çؼ­´Â backslash()¸¦ »ç¿ëÇØ¾ß ÇÑ´Ù. ¿©±â¼­ -eopen°ú -e trace=open ±×¸®°í -etrace=openÀº µ¿ÀÏÇÑ ¿É¼ÇÀÌ´Ù. -e trace=set ƯÁ¤ ½Ã½ºÅÛ ÄÝ ÁýÇÕ¸¸À» ÃßÀûÇÑ´Ù. -c ¿É¼Ç°ú ÇÔ²² »ç¿ëÇÏ¸é ¾î¶² ½Ã½ºÅÛ Äݸ¦ ÃßÀûÇÒÁö °áÁ¤Çϴµ¥ À¯¿ëÇÏ´Ù. ƯÁ¤ set¿¡´Â file(open,stat,chmod,unlink,...), process(fork,wait,exec...), network, signal, ipc µîÀÌ ÀÖ´Ù. ¶ÇÇÑ set ´ë½Å¿¡ -e trace=open,fork ½ÄÀ¸·Î ƯÁ¤ ÄÝÀ» ÁöÁ¤ÇÒ ¼öµµ ÀÖ´Ù. ¿¹) [root@linux root]# strace -e trace=file /usr/local/apache/bin/apachectl restart execve("/usr/local/apache/bin/apachectl", ["/usr/local/apache/bin/apachectl", "restart"], [/* 24 vars */]) = 0 open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=55211, ...}) = 0 open("/lib/libtermcap.so.2", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0755, st_size=13016, ...}) = 0 open("/lib/libdl.so.2", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0755, st_size=16312, ...}) = 0 open("/lib/tls/libc.so.6", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0755, st_size=1578228, ...}) = 0 open("/dev/tty", O_RDWR|O_NONBLOCK|O_LARGEFILE) = 3 open("/etc/mtab", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=212, ...}) = 0 open("/proc/meminfo", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0 stat64("/root", {st_mode=S_IFDIR|0750, st_size=4096, ...}) = 0 stat64(".", {st_mode=S_IFDIR|0750, st_size=4096, ...}) = 0 open("/usr/local/apache/bin/apachectl", O_RDONLY|O_LARGEFILE) = 3 fstat64(255, {st_mode=S_IFREG|0755, st_size=7412, ...}) = 0 stat64("/usr/local/apache/logs/httpd.pid", {st_mode=S_IFREG|0644, st_size=6, ...}) = 0 --- SIGCHLD (Child exited) @ 0 (0) --- open("/dev/null", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = 3 --- SIGCHLD (Child exited) @ 0 (0) --- fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0 /usr/local/apache/bin/apachectl restart: httpd restarted -e read=set, -e write=set set¿¡´Â ÆÄÀÏ µð½ºÅ©¸³Å͸¦ ÁöÁ¤ÇÑ´Ù. ÆÄÀϵð½ºÅ©¸³ÅÍ°¡ 3°ú 5¶ó¸é -e read=3,5 ½ÄÀ¸·Î ÁöÁ¤ÇÏ¸é µÈ´Ù. -p pid ÇÁ·Î¼¼½º ¾ÆÀ̵𸦠ÁöÁ¤ÇÑ´Ù. -s strsize Ãâ·ÂÇÒ ¼ö ÀÖ´Â ÃÖ´ë ¹®ÀÚ¿­ Å©±â¸¦ ÁöÁ¤ÇÑ´Ù. ±âº»°ªÀº 32ÀÌ°í ÆÄÀϸíÀº ¹®ÀÚ¿­·Î °£ÁÖµÇÁö ¾Ê¾Æ ¸ðµÎ Ãâ·ÂÇÑ´Ù. ¿¹) ±âº»°ªÀÏ °æ¿ì [root@linux root]# strace -p 14461 Process 14461 attached - interrupt to quit read(0, "203.xxx.xx.142 - - [28/Feb/2004:"..., 65536) = 150 time(NULL) = 1077934782 write(3, "203.xxx.xx.142 - - [28/Feb/2004:"..., 150) = 150 -s 500À¸·Î ÁöÁ¤ÇÒ °æ¿ì [root@linux root]# strace -s 500 -p 14461 Process 14461 attached - interrupt to quit read(0, "203.xx.xx.142 - - [28/Feb/2004:11:17:45 +0900] "GET / HTTP/1.1" 406 2816 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)" ", 65536) = 150 time(NULL) = 1077934665 open("/usr/local/apache/logs/transfer_log.1077934600", O_WRONLY|O_APPEND|O_CREAT, 0666) = 4 close(3) = 0 write(4, "203.xxx.xx.142 - - [28/Feb/2004:11:17:45 +0900] "GET / HTTP/1.1" 406 2816 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)" ", 150) = 150 read(0, -S sortby -c ¿É¼Ç°ú ÇÔ²² »ç¿ëµÇ¸ç ƯÁ¤ Ä÷³À» Á¤·ÄÇÒ ¼ö ÀÖ´Ù. ƯÁ¤ Ä÷³°ª¿¡´Â À§ÀÇ ¿¹Á¦¿¡µµ ³ª¿Í ÀÖµíÀÌ time, calls, name µîÀ¸·Î °¡´ÉÇÏ´Ù. ¿¹) [root@linux root]# strace -c -S name ls execve("/bin/ls", ["ls"], [/* 24 vars */]) = 0 Desktop data.txt ls_strace qmailscanner_setup.sh EGAVGA.BGI dmesg.log mbox signal_demo.pl ElectricFence-2.2.2-11.i386.rpm english mremap snmp_setup.sh % time seconds usecs/call calls errors syscall ------ ----------- ----------- --------- --------- ---------------- 0.85 0.000213 53 4 brk 2.09 0.000527 53 10 close 0.38 0.000096 96 1 fcntl64 1.58 0.000399 36 11 fstat64 0.71 0.000179 90 2 getdents64 0.38 0.000097 97 1 getrlimit 0.79 0.000200 100 2 ioctl 0.80 0.000201 67 3 mmap2 1.55 0.000390 98 4 munmap 4.41 0.001111 62 18 old_mmap 9.41 0.002370 215 11 1 open 3.48 0.000877 110 8 read 0.71 0.000180 45 4 2 rt_sigaction 0.12 0.000030 30 1 rt_sigprocmask 0.20 0.000051 51 1 set_thread_area 0.19 0.000048 48 1 set_tid_address 0.28 0.000071 71 1 uname 72.06 0.018155 1297 14 write ------ ----------- ----------- --------- --------- ---------------- 100.00 0.025195 97 3 total