trace-cmd-record

Record a trace with a specific plugin

$ sudo trace-cmd record -p [plugin]

$ sudo trace-cmd record -F [executable]

$ sudo trace-cmd record -g [function]

$ sudo trace-cmd record -n [function]

$ sudo trace-cmd record --max-graph-depth [depth]

$ sudo trace-cmd record -P [pid]

trace-cmd record [options] [command]

-o
    Specifies the output file path for the recorded trace. Default is trace.dat.

-e
    Enables specific kernel trace events or event groups (e.g., sched:sched_switch, syscalls). Can be used multiple times.

-p
    Activates a kernel ftrace plugin for tracing (e.g., function, irq, syscalls).

-s
    Sets the global ftrace buffer size in kilobytes (KB).

-b
    Sets the ftrace buffer size per CPU in kilobytes (KB).

-F
    Records events for forked child processes, not just the parent process.

-D
    Detaches the tracing process, allowing it to run in the background. Requires trace-cmd stop to terminate recording.

-P
    Limits tracing to a specific process ID.

-c
    Records events only from the specified CPU or range of CPUs (e.g., 0, 0-3, 1,5).

-t
    Enables tracing of all currently running tasks.

trace-cmd record is a crucial utility within the trace-cmd suite, designed for capturing kernel trace events using the Linux ftrace infrastructure. It allows users to record a wide array of system activities, including function calls, scheduler events, I/O operations, and more, into a binary trace file (by default, trace.dat).

This generated trace file is invaluable for performance analysis, debugging kernel issues, and understanding detailed system behavior. Users can precisely control what to record by specifying events, filtering by process ID, setting buffer sizes, and configuring other tracing parameters, enabling them to focus on the most relevant data for their analysis. When a command is provided, trace-cmd record traces only for the duration of that command's execution; otherwise, it records until manually stopped.

• Requires root privileges or appropriate capabilities to interact with the ftrace subsystem.
• Can generate very large trace files quickly, potentially consuming significant disk space.
• Tracing can introduce a performance overhead on the system being monitored, especially with high event rates or large buffer sizes.
• Not all advanced ftrace capabilities are directly exposed via trace-cmd record's command-line options.

The default output file, trace.dat, is a compact binary format specific to trace-cmd. It is designed for efficient storage and fast parsing by other trace-cmd utilities like trace-cmd report.

If trace-cmd record is run without a specified command to trace, it will continue recording until manually stopped. This can be done by pressing Ctrl+C in the terminal or, if detached with -D, by executing trace-cmd stop.

trace-cmd was primarily developed by Steven Rostedt, a leading Linux kernel developer. Its creation aimed to provide a more user-friendly and accessible interface to the complex ftrace kernel tracing infrastructure, simplifying the process of kernel event recording and analysis for developers, system administrators, and performance engineers.

trace-cmd(1), trace-cmd report(1), trace-cmd start(1), trace-cmd stop(1), perf(1)