A list of Linux performance monitoring tools for CPU, disk, memory, networking, and debugging.
CPU, Memory, Disk Monitoring
sar and iostat are part of sysstat and available in most package repos. `sar -switch 1 3` means “perform the test three times at one-second intervals”.
List processes by CPU/mem usage:
$ htop
Show CPU usage, all processors:
$ sar -u 1 3 Linux 3.13.0-24-generic (ubuntu) 04/05/2016 _x86_64_ (2 CPU) 11:53:46 AM CPU %user %nice %system %iowait %steal %idle 11:53:47 AM all 0.00 0.00 0.00 0.00 0.00 100.00 11:53:48 AM all 0.00 0.00 0.50 0.00 0.00 99.50 11:53:49 AM all 0.00 0.00 0.00 0.00 0.00 100. Average: all 0.00 0.00 0.17 0.00 0.00 99.83
Show CPU usage, all processors/cores:
$ sar -P ALL 1 1 Linux 3.13.0-24-generic (ubuntu) 04/05/2016 _x86_64_ (2 CPU) 11:54:26 AM CPU %user %nice %system %iowait %steal %idle 11:54:27 AM all 0.00 0.00 0.00 0.00 0.00 100.00 11:54:27 AM 0 0.00 0.00 0.00 0.00 0.00 100.00 11:54:27 AM 1 0.00 0.00 0.00 0.00 0.00 100.00 Average: CPU %user %nice %system %iowait %steal %idle Average: all 0.00 0.00 0.00 0.00 0.00 100.00 Average: 0 0.00 0.00 0.00 0.00 0.00 100.00 Average: 1 0.00 0.00 0.00 0.00 0.00 100.00
Show CPU and disk I/O:
$ iostat
Linux 3.13.0-24-generic (ubuntu) 04/05/2016 _x86_64_ (2 CPU)
avg-cpu: %user %nice %system %iowait %steal %idle
0.20 0.00 0.25 0.57 0.00 98.97
Device: tps kB_read/s kB_wrtn/s kB_read kB_wrtn
sda 2.68 78.05 66.40 312964 266266
dm-0 4.88 77.28 66.40 309865 266260
dm-1 0.06 0.22 0.00 896 0
Show free or used memory:
$ sar -r 1 3
Linux 3.13.0-24-generic (ubuntu) 04/05/2016 _x86_64_ (2 CPU)
11:55:22 AM kbmemfree kbmemused %memused kbbuffers kbcached kbcommit %commit kbactive kbinact kbdirty
11:55:23 AM 1522140 527832 25.75 24656 380836 918360 22.17 299820 172940 4
11:55:24 AM 1522140 527832 25.75 24656 380836 918360 22.17 299820 172940 4
11:55:25 AM 1522140 527832 25.75 24656 380836 918360 22.17 299824 172940 4
Average: 1522140 527832 25.75 24656 380836 918360 22.17 299821 172940 4
$ free
total used free shared buffers cached
Mem: 2049972 531064 1518908 6028 24756 381644
-/+ buffers/cache: 124664 1925308
Swap: 2093052 0 2093052
Show swap statistics:
$ sar -S 1 3 Linux 3.13.0-24-generic (ubuntu) 04/05/2016 _x86_64_ (2 CPU) 11:55:34 AM kbswpfree kbswpused %swpused kbswpcad %swpcad 11:55:35 AM 2093052 0 0.00 0 0.00 11:55:36 AM 2093052 0 0.00 0 0.00 11:55:37 AM 2093052 0 0.00 0 0.00 Average: 2093052 0 0.00 0 0.00
Show overall I/O statistics:
$ sar -b 1 3 Linux 3.13.0-24-generic (ubuntu) 04/05/2016 _x86_64_ (2 CPU) 11:56:09 AM tps rtps wtps bread/s bwrtn/s 11:56:10 AM 0.00 0.00 0.00 0.00 0.00 11:56:11 AM 0.00 0.00 0.00 0.00 0.00 11:56:12 AM 0.00 0.00 0.00 0.00 0.00 Average: 0.00 0.00 0.00 0.00 0.00
Show I/O of block-level devices:
$ sar -d 1 3 Linux 3.13.0-24-generic (ubuntu) 04/05/2016 _x86_64_ (2 CPU) 11:56:15 AM DEV tps rd_sec/s wr_sec/s avgrq-sz avgqu-sz await svctm %util 11:56:16 AM dev8-0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 11:56:16 AM dev252-0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 11:56:16 AM dev252-1 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 11:56:16 AM DEV tps rd_sec/s wr_sec/s avgrq-sz avgqu-sz await svctm %util 11:56:17 AM dev8-0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 11:56:17 AM dev252-0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 11:56:17 AM dev252-1 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 11:56:17 AM DEV tps rd_sec/s wr_sec/s avgrq-sz avgqu-sz await svctm %util 11:56:18 AM dev8-0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 11:56:18 AM dev252-0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 11:56:18 AM dev252-1 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 Average: DEV tps rd_sec/s wr_sec/s avgrq-sz avgqu-sz await svctm %util Average: dev8-0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 Average: dev252-0 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 Average: dev252-1 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
Network Monitoring
Show network statistics by protocol:
$ sar -n TCP 1 3 Linux 3.13.0-24-generic (ubuntu) 04/05/2016 _x86_64_ (2 CPU) 03:24:49 PM active/s passive/s iseg/s oseg/s 03:24:50 PM 0.00 0.00 0.00 0.00 03:24:51 PM 0.00 0.00 0.00 0.00 03:24:52 PM 0.00 0.00 0.00 0.00 Average: 0.00 0.00 0.00 0.00
Show listening TCP and UDP connections and associated process:
$ netstat -nlutp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 863/sshd tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 893/mysqld tcp6 0 0 :::22 :::* LISTEN 863/sshd tcp6 0 0 :::80 :::* LISTEN 1091/apache2 udp 0 0 0.0.0.0:68 0.0.0.0:* 523/dhclient udp 0 0 0.0.0.0:48472 0.0.0.0:* 523/dhclient udp6 0 0 :::17972 :::* 523/dhclient
Show all TCP and UDP connections:
$ lsof -i tcp; lsof -i udp; COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME sshd 863 root 3u IPv4 9007 0t0 TCP *:ssh (LISTEN) sshd 863 root 4u IPv6 9009 0t0 TCP *:ssh (LISTEN) mysqld 893 mysql 10u IPv4 9851 0t0 TCP localhost:mysql (LISTEN) apache2 1091 root 4u IPv6 9090 0t0 TCP *:http (LISTEN) apache2 1092 www-data 4u IPv6 9090 0t0 TCP *:http (LISTEN) apache2 1093 www-data 4u IPv6 9090 0t0 TCP *:http (LISTEN) sshd 2849 root 3u IPv4 19476 0t0 TCP ubuntu:ssh->Greendragon:55891 (ESTABLISHED) sshd 2940 geoff 3u IPv4 19476 0t0 TCP ubuntu:ssh->Greendragon:55891 (ESTABLISHED) dhclient 523 root 4u IPv4 1938 0t0 UDP *:bootpc dhclient 523 root 20u IPv4 8227 0t0 UDP *:48472 dhclient 523 root 21u IPv6 8229 0t0 UDP *:17972
List all processes listening on a specific port:
$ lsof -i :22 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME sshd 863 root 3u IPv4 9007 0t0 TCP *:ssh (LISTEN) sshd 863 root 4u IPv6 9009 0t0 TCP *:ssh (LISTEN) sshd 2849 root 3u IPv4 19476 0t0 TCP ubuntu:ssh->Greendragon:55891 (ESTABLISHED) sshd 2940 geoff 3u IPv4 19476 0t0 TCP ubuntu:ssh->Greendragon:55891 (ESTABLISHED)
Show established connections:
$ netstat -atnp | grep ESTA tcp 0 0 192.168.1.232:22 192.168.1.58:55891 ESTABLISHED 2849/sshd: geoff [p
Show active network interfaces:
$ netstat -ie
Kernel Interface table
eth0 Link encap:Ethernet HWaddr 08:00:27:4d:36:06
inet addr:192.168.1.232 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe4d:3606/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6483 errors:0 dropped:0 overruns:0 frame:0
TX packets:950 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6494513 (6.4 MB) TX bytes:199996 (199.9 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
# or ifconfig
Check if a network service is running:
$ netstat -aple | grep apache tcp6 0 0 [::]:http [::]:* LISTEN root 9090 1091/apache2
Active Process, File Handle, and Stack Monitoring
Show all processes:
$ ps aux USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.1 33352 2736 ? Ss 11:03 0:01 /sbin/init root 2 0.0 0.0 0 0 ? S 11:03 0:00 [kthreadd] root 3 0.0 0.0 0 0 ? S 11:03 0:00 [ksoftirqd/0] root 4 0.0 0.0 0 0 ? S 11:03 0:00 [kworker/0:0] root 5 0.0 0.0 0 0 ? S< 11:03 0:00 [kworker/0:0H] root 7 0.0 0.0 0 0 ? S 11:03 0:00 [rcu_sched] root 8 0.0 0.0 0 0 ? S 11:03 0:00 [rcuos/0] root 9 0.0 0.0 0 0 ? S 11:03 0:00 [rcuos/1] root 10 0.0 0.0 0 0 ? S 11:03 0:00 [rcu_bh] root 11 0.0 0.0 0 0 ? S 11:03 0:00 [rcuob/0] root 12 0.0 0.0 0 0 ? S 11:03 0:00 [rcuob/1] root 13 0.0 0.0 0 0 ? S 11:03 0:00 [migration/0] [etc]
Display process by user:
$ ps -f -u geoff UID PID PPID C STIME TTY TIME CMD geoff 1330 1172 0 11:03 tty1 00:00:00 -bash geoff 2940 2849 0 15:31 ? 00:00:00 sshd: geoff@notty geoff 2941 2940 0 15:31 ? 00:00:00 /usr/lib/openssh/sftp-server
Show process by name or process id:
$ ps -C apache2 PID TTY TIME CMD 1091 ? 00:00:00 apache2 1092 ? 00:00:05 apache2 1093 ? 00:00:05 apache2
Display child processes of a parent process:
$ ps -o pid,uname,comm -C apache2 PID USER COMMAND 1091 root apache2 1092 www-data apache2 1093 www-data apache2
Display all threads of a process:
$ ps -p 1093 -L PID LWP TTY TIME CMD 1093 1093 ? 00:00:00 apache2 1093 1103 ? 00:00:00 apache2 1093 1104 ? 00:00:00 apache2 1093 1105 ? 00:00:00 apache2 1093 1106 ? 00:00:00 apache2 1093 1107 ? 00:00:00 apache2 1093 1108 ? 00:00:00 apache2 1093 1109 ? 00:00:00 apache2 1093 1125 ? 00:00:00 apache2 1093 1127 ? 00:00:00 apache2 1093 1129 ? 00:00:00 apache2 1093 1131 ? 00:00:00 apache2 1093 1133 ? 00:00:00 apache2 1093 1134 ? 00:00:00 apache2 1093 1135 ? 00:00:00 apache2 1093 1136 ? 00:00:00 apache2 1093 1137 ? 00:00:00 apache2 1093 1138 ? 00:00:00 apache2 1093 1139 ? 00:00:00 apache2 1093 1140 ? 00:00:00 apache2 1093 1141 ? 00:00:00 apache2 1093 1142 ? 00:00:00 apache2 1093 1143 ? 00:00:00 apache2 1093 1144 ? 00:00:00 apache2 1093 1145 ? 00:00:00 apache2 1093 1146 ? 00:00:00 apache2 1093 1147 ? 00:00:05 apache2
Display the memory map of a process:
$ pmap -x 1093 1093: /usr/sbin/apache2 -k start Address Kbytes RSS Dirty Mode Mapping 00007f0f98000000 132 8 8 rw--- [ anon ] 00007f0f98021000 65404 0 0 ----- [ anon ] 00007f0f9e7ed000 4 0 0 ----- [ anon ] 00007f0f9e7ee000 8192 8 8 rw--- [ anon ] 00007f0f9efee000 4 0 0 ----- [ anon ] 00007f0f9efef000 8192 8 8 rw--- [ anon ] 00007f0f9f7ef000 4 0 0 ----- [ anon ] 00007f0f9f7f0000 8192 8 8 rw--- [ anon ] 00007f0f9fff0000 4 0 0 ----- [ anon ] 00007f0f9fff1000 8192 8 8 rw--- [ anon ] 00007f0fa07f1000 4 0 0 ----- [ anon ] 00007f0fa07f2000 8192 8 8 rw--- [ anon ] 00007f0fa0ff2000 4 0 0 ----- [ anon ] 00007f0fa0ff3000 8192 8 8 rw--- [ anon ] 00007f0fa17f3000 4 0 0 ----- [ anon ] 00007f0fa17f4000 8192 8 8 rw--- [ anon ] 00007f0fa1ff4000 4 0 0 ----- [ anon ] 00007f0fa1ff5000 8192 8 8 rw--- [ anon ] 00007f0fa27f5000 4 0 0 ----- [ anon ] 00007f0fa27f6000 8192 8 8 rw--- [ anon ] 00007f0fa2ff6000 4 0 0 ----- [ anon ] 00007f0fa2ff7000 8192 8 8 rw--- [ anon ] 00007f0fa37f7000 4 0 0 ----- [ anon ] [etc] ---------------- ------- ------- ------- total kB 426336 5064 3636
List open files belonging to a process/user:
$ lsof -p 1093 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME apache2 1093 www-data cwd DIR 252,0 4096 2 / apache2 1093 www-data rtd DIR 252,0 4096 2 / apache2 1093 www-data txt REG 252,0 637528 400977 /usr/sbin/apache2 apache2 1093 www-data mem REG 252,0 90160 655461 /lib/x86_64-linux-gnu/libgcc_s.so.1 apache2 1093 www-data mem REG 252,0 47712 655451 /lib/x86_64-linux-gnu/libnss_files-2.19.so apache2 1093 www-data mem REG 252,0 47760 655416 /lib/x86_64-linux-gnu/libnss_nis-2.19.so apache2 1093 www-data mem REG 252,0 97296 655391 /lib/x86_64-linux-gnu/libnsl-2.19.so apache2 1093 www-data mem REG 252,0 39824 655389 /lib/x86_64-linux-gnu/libnss_compat-2.19.so apache2 1093 www-data mem REG 252,0 22536 532934 /usr/lib/apache2/modules/mod_status.so apache2 1093 www-data mem REG 252,0 14344 533044 /usr/lib/apache2/modules/mod_setenvif.so apache2 1093 www-data mem REG 252,0 34832 533019 /usr/lib/apache2/modules/mod_negotiation.so apache2 1093 www-data mem REG 252,0 59408 532984 /usr/lib/apache2/modules/mod_mpm_event.so apache2 1093 www-data mem REG 252,0 18440 532971 /usr/lib/apache2/modules/mod_mime.so apache2 1093 www-data mem REG 252,0 18440 532936 /usr/lib/apache2/modules/mod_filter.so apache2 1093 www-data mem REG 252,0 10248 532937 /usr/lib/apache2/modules/mod_env.so [etc] $ lsof -u geoff COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME bash 1330 geoff cwd DIR 252,0 4096 924340 /home/geoff bash 1330 geoff rtd DIR 252,0 4096 2 / bash 1330 geoff txt REG 252,0 1021112 663741 /bin/bash bash 1330 geoff mem REG 252,0 47712 655451 /lib/x86_64-linux-gnu/libnss_files-2.19.so bash 1330 geoff mem REG 252,0 47760 655416 /lib/x86_64-linux-gnu/libnss_nis-2.19.so bash 1330 geoff mem REG 252,0 97296 655391 /lib/x86_64-linux-gnu/libnsl-2.19.so bash 1330 geoff mem REG 252,0 39824 655389 /lib/x86_64-linux-gnu/libnss_compat-2.19.so bash 1330 geoff mem REG 252,0 2919792 399009 /usr/lib/locale/locale-archive bash 1330 geoff mem REG 252,0 1840928 655440 /lib/x86_64-linux-gnu/libc-2.19.so bash 1330 geoff mem REG 252,0 14664 655382 /lib/x86_64-linux-gnu/libdl-2.19.so bash 1330 geoff mem REG 252,0 167096 655752 /lib/x86_64-linux-gnu/libtinfo.so.5.9 bash 1330 geoff mem REG 252,0 149120 655412 /lib/x86_64-linux-gnu/ld-2.19.so bash 1330 geoff mem REG 252,0 26258 393494 /usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache bash 1330 geoff 0u CHR 4,1 0t0 1043 /dev/tty1 [etc]
Show processes that opened a specific file:
$ lsof /bin/bash COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME bash 1330 geoff txt REG 252,0 1021112 663741 /bin/bash bash 1346 root txt REG 252,0 1021112 663741 /bin/bash
Trace a particular executable:
$ strace ls
execve("/bin/ls", ["ls"], [/* 22 vars */]) = 0
brk(0) = 0xdc9000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f25a5e3b000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=19040, ...}) = 0
mmap(NULL, 19040, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f25a5e36000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libselinux.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "177ELF211\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0[\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=134296, ...}) = 0
mmap(NULL, 2238192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f25a59f8000
mprotect(0x7f25a5a18000, 2093056, PROT_NONE) = 0
mmap(0x7f25a5c17000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1f000) = 0x7f25a5c17000
mmap(0x7f25a5c19000, 5872, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f25a5c19000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libacl.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "177ELF211\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0[\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=31168, ...}) = 0
mmap(NULL, 2126336, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f25a57f0000
mprotect(0x7f25a57f7000, 2093056, PROT_NONE) = 0
mmap(0x7f25a59f6000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f25a59f6000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "177ELF211\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0[\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1840928, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f25a5e35000
mmap(NULL, 3949248, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f25a542b000
mprotect(0x7f25a55e6000, 2093056, PROT_NONE) = 0
mmap(0x7f25a57e5000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1ba000) = 0x7f25a57e5000
mmap(0x7f25a57eb000, 17088, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f25a57eb000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libpcre.so.3", O_RDONLY|O_CLOEXEC) = 3
read(3, "177ELF211\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0[\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=252032, ...}) = 0
mmap(NULL, 2347200, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f25a51ed000
mprotect(0x7f25a522a000, 2093056, PROT_NONE) = 0
mmap(0x7f25a5429000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3c000) = 0x7f25a5429000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "177ELF211\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0[\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=14664, ...}) = 0
mmap(NULL, 2109744, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f25a4fe9000
mprotect(0x7f25a4fec000, 2093056, PROT_NONE) = 0
mmap(0x7f25a51eb000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f25a51eb000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libattr.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "177ELF211\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0[\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=18624, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f25a5e34000
mmap(NULL, 2113760, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f25a4de4000
mprotect(0x7f25a4de8000, 2093056, PROT_NONE) = 0
mmap(0x7f25a4fe7000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7f25a4fe7000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f25a5e33000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f25a5e31000
arch_prctl(ARCH_SET_FS, 0x7f25a5e31840) = 0
mprotect(0x7f25a57e5000, 16384, PROT_READ) = 0
mprotect(0x7f25a4fe7000, 4096, PROT_READ) = 0
mprotect(0x7f25a51eb000, 4096, PROT_READ) = 0
mprotect(0x7f25a5429000, 4096, PROT_READ) = 0
mprotect(0x7f25a59f6000, 4096, PROT_READ) = 0
mprotect(0x7f25a5c17000, 4096, PROT_READ) = 0
mprotect(0x619000, 4096, PROT_READ) = 0
mprotect(0x7f25a5e3d000, 4096, PROT_READ) = 0
munmap(0x7f25a5e36000, 19040) = 0
statfs("/sys/fs/selinux", 0x7fff1d00dd60) = -1 ENOENT (No such file or directory)
statfs("/selinux", 0x7fff1d00dd60) = -1 ENOENT (No such file or directory)
brk(0) = 0xdc9000
brk(0xdea000) = 0xdea000
open("/proc/filesystems", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f25a5e3a000
read(3, "nodevtsysfsnnodevtrootfsnnodevtr"..., 1024) = 316
read(3, "", 1024) = 0
close(3) = 0
munmap(0x7f25a5e3a000, 4096) = 0
open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2919792, ...}) = 0
mmap(NULL, 2919792, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f25a4b1b000
close(3) = 0
ioctl(1, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TIOCGWINSZ, {ws_row=30, ws_col=80, ws_xpixel=0, ws_ypixel=0}) = 0
openat(AT_FDCWD, ".", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3
getdents(3, /* 20 entries */, 32768) = 632
getdents(3, /* 0 entries */, 32768) = 0
close(3) = 0
fstat(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(4, 1), ...}) = 0
ioctl(1, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f25a5e3a000
write(1, "delete.sh htop.txt output.tx"..., 78) = 78
write(1, "free.txt latest.zip sar2.txt "..., 65) = 65
close(1) = 0
munmap(0x7f25a5e3a000, 4096) = 0
close(2) = 0
exit_group(0) = ?
+++ exited with 0 +++
Trace specific system calls in an executable:
$ strace -e mmap ls mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faea6ef3000 mmap(NULL, 19040, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7faea6eee000 mmap(NULL, 2238192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7faea6ab0000 mmap(0x7faea6ccf000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1f000) = 0x7faea6ccf000 mmap(0x7faea6cd1000, 5872, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7faea6cd1000 mmap(NULL, 2126336, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7faea68a8000 mmap(0x7faea6aae000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7faea6aae000 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faea6eed000 mmap(NULL, 3949248, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7faea64e3000 mmap(0x7faea689d000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1ba000) = 0x7faea689d000 mmap(0x7faea68a3000, 17088, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7faea68a3000 mmap(NULL, 2347200, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7faea62a5000 mmap(0x7faea64e1000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3c000) = 0x7faea64e1000 mmap(NULL, 2109744, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7faea60a1000 mmap(0x7faea62a3000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7faea62a3000 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faea6eec000 mmap(NULL, 2113760, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7faea5e9c000 mmap(0x7faea609f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3000) = 0x7faea609f000 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faea6eeb000 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faea6ee9000 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faea6ef2000 mmap(NULL, 2919792, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7faea5bd3000 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faea6ef2000 +++ exited with 0 +++
