I'm running this command:

strace -f -e trace=desc ./my-program 

(So you see I'm running the -f parameter)

Which lets me see the stdout/stderr write commands of the parent process:

[pid 10] 07:36:46.668931 write(2, "..\n"..., 454 <unfinished ...>
<stdout of ..>
<stdout other output - but I don't see the write commands - so probably from a child process>
[pid 10] 07:36:46.669684 write(2, "My final output\n", 24 <unfinished ...>
<stdout of My final output>

What I want to see is the other write commands.

This is running in a docker container being executed with:

docker run --privileged=true my-label/my-container 

My question is: How to strace all write calls (to stdout/stderr) from all child processes inside a docker container?

EDIT: Note that this application starts and stops in about 2 seconds. strace can follow its application cycle. But tools that expect it to hang around like a server process won't work. (Perhaps sysdig can be used for this - but I haven't seen an example of this model yet).

  • you may also consider sysdig which I believe has container support Commented Jan 27, 2018 at 15:46
  • thanks @thrig - I think that sysdig won't run against applications (ones that start and stop quickly) - only against server processes that hang around perpetually. (Correct me if I'm wrong). Commented Jan 28, 2018 at 10:53
  • how would the kernel (where sysdig runs) not see a "quick" process? Commented Jan 28, 2018 at 16:12

1 Answer

It turns out strace truncates string output - you have to explicitly tell it that you want more than the first n (10?) string chars. You do this with -s 800.

strace -s 800 -ff ./myprogram 

You can also get all the write commands by asking strace explicitly with -e write.

strace -s 800 -ff -e write ./myprogram 
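
Added example, not part of the original answer: a small Python parser for `strace -f` output in the format shown in the question. It groups write calls to fd 1 and 2 by pid, accepts `<unfinished ...>` lines, and reports which pids had buffers cut short by the `-s` limit. The sample log lines and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# One strace -f line: optional "[pid N]", optional -tt timestamp, then a
# write to fd 1 or 2. The quoted buffer is followed by "..." when the -s
# limit cut it short.
WRITE = re.compile(
    r'^(?:\[pid\s+(\d+)\]\s+)?(?:[\d:.]+\s+)?'
    r'write\(([12]), "((?:[^"\\]|\\.)*)"(\.\.\.)?, (\d+)')

def unescape(s):
    # strace prints C-style escapes (\n, \", octal such as \33); decode to bytes.
    return s.encode("latin-1").decode("unicode_escape").encode("latin-1")

def stdio_writes(lines):
    """Yield (pid, fd, data, truncated) for each write(1|2, ...) call.

    The arguments are printed on the call's first line, so an
    "<unfinished ...>" line is enough; "<... write resumed>" lines are skipped.
    pid is 0 when the line carries no [pid N] prefix.
    """
    for line in lines:
        m = WRITE.match(line.strip())
        if m:
            pid, fd, buf, cut, _count = m.groups()
            yield (int(pid) if pid else 0, int(fd), unescape(buf), bool(cut))

def per_process(lines):
    """Reassemble each (pid, fd) stream and collect pids with cut buffers."""
    out, cut_pids = defaultdict(bytes), set()
    for pid, fd, data, truncated in stdio_writes(lines):
        out[(pid, fd)] += data
        if truncated:
            cut_pids.add(pid)
    return dict(out), cut_pids

# Constructed sample input, modelled on the output format in the question.
SAMPLE = r'''
[pid 10] 07:36:46.668931 write(2, "starting\n", 9 <unfinished ...>
[pid 11] 07:36:46.668990 write(1, "child says \"hi\"\n", 16) = 16
[pid 10] 07:36:46.669001 <... write resumed>) = 9
[pid 12] 07:36:46.669400 write(1, "a long line that strace cut"..., 454) = 454
[pid 11] 07:36:46.669500 read(3, "", 4096) = 0
[pid 10] 07:36:46.669684 write(2, "My final output\n", 16) = 16
'''.splitlines()

if __name__ == "__main__":
    streams, cut = per_process(SAMPLE)
    for (pid, fd), data in sorted(streams.items()):
        print(pid, "stderr" if fd == 2 else "stdout", data)
    print("buffers cut by -s for pids:", sorted(cut))
```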
