autrace can log the system calls made by a program by running it. I want to log the system calls of already running programs. It can be done by finding the process id, but is there any other elegant way? Perhaps by using the chrome executable file as a parameter to log the system calls generated by it?
Linux – How to log all the system calls made by a program, say chrome, using linux auditing
audit linux-audit system-calls
Best Answer
As @Patrick stated in the comments, you can use the command line tool strace to produce a dump of the system calls that are made by a program as it runs.

Example

Here's an example showing the command echo hi being run.

You can also increase the details that get output by including the option -s <size>. I typically will use -s 2000 to get 2000 characters of output per call. Also I'll include the switch -o <file> to get the output to dump into a file. It's much easier to look at this output after the fact.

Example

And here's the file:

You can include any program or command that you can typically run in your shell as an argument to strace. It's probably the most useful tool included with Linux in terms of gaining insights into how executables work within your system.

I'm only scratching the surface here, you can instruct strace to only show system calls or signals too. Check out the man strace page for more info.
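
The answer above recommends writing the trace to a file with -o and reading it afterwards. The following is an added example, not part of the original answer, that summarises such a file. The function names, the file name echo.trace and the sample trace are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise a file written by `strace -o <file>`.
# A trace like the sample below is produced with, e.g.:
#   strace -s 2000 -o echo.trace echo hi
# Usage afterwards: syscall_counts echo.trace; failed_calls echo.trace
# The sample is constructed; addresses are not from a real run.

# Write the constructed sample trace to the path given as $1.
write_sample_trace() {
    cat > "$1" <<'EOF'
execve("/bin/echo", ["echo", "hi"], 0x7ffc0000 /* 20 vars */) = 0
brk(NULL)                               = 0x55550000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
close(3)                                = 0
write(1, "hi\n", 3)                     = 3
close(1)                                = 0
exit_group(0)                           = ?
+++ exited with 0 +++
EOF
}

# Print "count name" per system call, most frequent first.
# Signal lines (--- ... ---) and exit lines (+++ ... +++) are skipped.
syscall_counts() {
    awk '
        { line = $0; sub(/^[0-9]+ +/, "", line) }   # drop PID prefix, if any
        match(line, /^[a-z_][a-z0-9_]*\(/) {
            n[substr(line, 1, RLENGTH - 1)]++
        }
        END { for (s in n) print n[s], s }
    ' "$1" | sort -k1,1nr -k2,2
}

# Print the calls that failed (result -1 followed by an errno name).
failed_calls() {
    grep -E '\) += -1 E[A-Z]+' "$1"
}
```
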