Tools
Practical
By Samson Tanimawo, PhD
Published May 2, 2026
4 min read
strace for Syscall Debugging
strace shows what a process is actually doing.
Live workflow · 3 working · 1 queuedLive
Signal · gather Working
Decide · pick action Working
Apply · with verify Working
Learn · update playbook Queued
Attach
strace -p PID attaches to a running process.
strace -f follows forks.
Filter
strace -e trace=open,read shows just file IO.
strace -c summarises by syscall.
Careful
Slows the process. Don't leave running.
In production, prefer briefer attaches.