How do I strace the whole system?

Simplest way with systemtap is something like:

stap -e 'probe nd_syscall.* { println(execname(), " ", pid(), " ", pn(), " ", argstr) }'

(@Vi, no manual kernel module work is required; systemtap does that for itself. You need kernel-module-development files available though.)


It's not very feasible to "strace the whole system" from userspace. As I indicated in the previous question you asked, the best way is to use a kernel-mode tracing infrastructure such as kprobes, systemtap, or dtrace. Have you looked at any of these? Is there a reason why none of them will work for your use case?

The only way to truly reliably strace the entire system from userspace would be to start your trace with the init process... but I'm not sure that init or systemd would be very happy with you stracing it, since it does a lot of very low-level stuff that's pretty fragile and easy to break (and it's hard to inject wrapper commands around it, too, I might add).

This is why the highest quality probing mechanisms have some type of kernel module, because the kernel "sees all". This is especially relevant since you are trying to monitor activity on character devices such as /dev/console and /dev/tty*, and the kernel has direct oversight over the calls to those devices since they are implemented in kernelspace.
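Putting the two answers above together, here is a fuller systemtap script than the one-liner: it stays system-wide (no per-process attach, no wrapping of init) but narrows the nd_syscall.* firehose to the thing the question is actually after, opens of /dev/console and /dev/tty*, plus every execve so you can see who spawned the opener. This is an added example, not code from either answer. It assumes a systemtap whose tapset exposes the `filename` variable on nd_syscall.open, nd_syscall.openat and nd_syscall.execve (it does on current releases); the nd_ variants need no kernel debuginfo, only the kernel module development files the first answer mentions.

```systemtap
#!/usr/bin/stap
# Added example (not from the original answers): system-wide trace of
# /dev/console and /dev/tty* opens plus execve, using the non-DWARF
# nd_syscall probes so kernel debuginfo is not required.
# Run as root:  stap -v ./tty-opens.stp   (Ctrl-C prints the summary)

# Assumption: per (command, device) open counter, dumped at exit.
global opens

probe nd_syscall.open, nd_syscall.openat {
    # `filename` is tapset-provided; on some releases it is already
    # double-quoted (user_string_quoted), so use a substring match rather
    # than an exact comparison.
    if (isinstr(filename, "/dev/console") || isinstr(filename, "/dev/tty")) {
        printf("%-16s pid=%-6d %-18s %s\n", execname(), pid(), pn(), filename)
        opens[execname(), filename]++
    }
}

probe nd_syscall.execve {
    # Show every exec so the opener's ancestry can be reconstructed
    # from the log (pid() here is the process doing the exec).
    printf("%-16s pid=%-6d %-18s %s\n", execname(), pid(), "execve", filename)
}

probe end {
    # Top 20 (command, device) pairs, sorted by open count descending.
    printf("\n%-16s %-24s %s\n", "COMM", "DEVICE", "OPENS")
    foreach ([comm, path] in opens- limit 20)
        printf("%-16s %-24s %d\n", comm, path, opens[comm, path])
}
```

Because the probes fire in kernel context for every process on the box, including init and systemd, this is exactly the "kernel sees all" approach the second answer argues for: nothing has to be wrapped or restarted, and a process that was already holding /dev/tty1 open before the script started simply shows up at its next open() or execve. Keep the `-v` flag the first time you run it; it reports the module build and any tapset variable the probe cannot resolve on your kernel.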