Grepping strace output gets hard

greppipestrace

I wrote the following code to determine which files a program writes to. I want to capture the filenames of course.

strace -f -t -e trace=file -p 8804 2>&1 | grep -oP "\"(.*)\".*O_WRONLY"

This outputs something like

/tmp/11111111.txt", O_WRONLY

The problem is I can't pipe the output of all this to any command

strace -f -t -e trace=file -p 8804 2>&1 | grep -oP "\"(.*)\".*O_WRONLY" | echo
# does not show anything

And also I can't save the output of all this for later use:

strace -f -t -e trace=file -p 8804 2>&1 | grep -oP "\"(.*)\".*O_WRONLY" > asd.out
# file is empty

Your help is appreciated. 🙂

Best Answer

You can write the output to a file (with strace -o asd.out) and then grep it:

From strace manual:

-o filename Write  the  trace  output to the file filename rather than 
to stderr.  Use filename.pid if -ff is used. If the argument begins with
`|' or with `!' then the rest of the argument is treated as a command
and all output is piped to it. This is convenient for piping the
debugging output to a program without affecting the redirections of 
executed programs.

Related Solutions

Shell – Grep command in shell script

This is the error you get if you try to search in an empty directory:

$ tree
.
├── dir
│   └── file
└── empty_dir

2 directories, 1 file
$ grep foo dir/*  ## works, no error
$ grep foo empty_dir/*
grep: empty_dir/*: No such file or directory

Basically, when you run something like grep ./*, the glob (*) is interpreted by the shell which will expand it to the contents of the directory you gave. If the directory is empty, that expands to nothing and the shell returns an error. You will get the same error irrespective of which program you use:

$ ls empty_dir/*
ls: cannot access empty_dir/*: No such file or directory

So, I'm guessing that ~/5as-darbas/inputs/multiple_dir/ is empty. This is not a big deal and you can just ignore the error. If you want to deal with it more gracefully, you could give the directory name (no glob) and run a recursive grep:

$ grep -R foo empty_dir/

To do this with your current setup, change `~/5as-darbas/inputs/multiple_dir/* to ~/5as-darbas/inputs/multiple_dir/ and give grep -R as the first argument to your script:

$ myscript.sh 'grep -R' regExp/regExp tests/MULTIPLE.inp outputs/MULTIPLE.out

Grepping for a block of text with parts that can be optional

This would do it i hope. Events go to events file. And messages go to stdout.

Save this file to myprogram.awk (for example):

#!/usr/bin/awk -f

BEGIN {
   s=0;  ### state. Active when parsing inside an event
   nevent=0;  ### Current event number
   printf "" > "events"
}

# Start of event
/^ *Data control raising event/ {
   s=1;
   dentries=0;
   print "*** Event number: " nevent >> "events"
   nevent++
}

# Standard event line
s==1 {
   print >> "events"
}

# DataChangeEntry line
/^ *==== DataChangeEntry/ {
   dentries ++
}

# End of event
s==1 && /^ *\]\]/ {
   s=0;
   print "" >> "events"
   if(dentries==0){
      print "Warning: Event " nevent " has no Data Entries"
   }
}

END {
   print "Total event count: " nevent
}

You can invoke it in different ways:

myprogram.awk inputfile.txt
awk -f myprogram.awk inputfile.txt

Sample output:

Warning: Event 3 has no Data Entries
Total event count: 3

You can check all the events together in the file called events in working directory.

Best Answer

Related Solutions

Shell – Grep command in shell script

Grepping for a block of text with parts that can be optional

Related Question