Strace is a tool for monitoring the "system-call conversation" that takes place between applications and the Linux kernel. At the simplest level, it can be used to display the entire conversation, and--crucially--that conversation is displayed symbolically (without the need for application source code). Thus, one sees the names of system calls, the symbolic representation of each of bit-mask argument (using the names shown in the manual pages), structure arguments broken out into individual fields, and so on.

In this presentation, we'll examine the output produced by strace (including some subtle details) and look at the rich set of options it provides for limiting the trace to specific systems calls and signals, as well as accesses to specific files.