kdump
—
display kernel trace data
kdump |
[-dElNnRT ] [-e
emulation] [-f
file] [-m
maxdata] [-p
pid] [-t
trstr] [-x |
-X size]
[file] |
kdump
displays the kernel trace files produced with
ktrace(1) in human readable
format. The file ktrace.out in the current directory
is displayed, unless either the -f
option is used, or
a file name is supplied as the last argument.
The options are as follows:
-d
- Display all numbers in decimal.
-E
- Display elapsed timestamps (time since beginning of trace).
-e
emulation
- If an emulation of a process is unknown, interpret system call maps
assuming the named emulation instead of default "netbsd".
-f
file
- Display the specified file instead of
ktrace.out.
-l
- Loop reading the trace file, once the end-of-file is reached, waiting for
more data.
-m
maxdata
- Display at most maxdata bytes when decoding
I/O.
-N
- Suppress system call number-to-name translation.
-n
- Suppress ad hoc translations. Normally
kdump
tries
to decode many system calls into a more human readable format. For
example, ioctl(2) values are
replaced with the macro name and errno values are
replaced with the
strerror(3) string.
Suppressing this feature yields a more consistent output format and is
easily amenable to further processing.
-p
pid
- Only display records from the trace file that are for the indicated
pid.
-R
- Display relative timestamps (time since previous entry).
-T
- Display absolute timestamps for each entry (seconds since epoch).
-t
trstr
- Restrict display to the specified set of kernel trace points. The default
is to display everything in the file. See the
-t
option of ktrace(1).
-x
- Display GIO data in hex and ascii instead of
vis(3) format.
-X
size
- Same as
-x
but display hex values by groups of
size bytes. Supported values are 1, 2, 4, 8, and
16.
The kdump
command appears in
4.4BSD.