Kstrax -- kernel system call tracer

Fri Apl 21 2006
Author : Satoru MORIYA <s-moriya@sdl.hitachi.co.jp>

INDEX
1. What Is Kstrax
2. Installation
3. How to Use
4. Limitations


1. What Is Kstrax
===================
 This program traces the system call executions, analyzes the trace log file,
and displays each system call information and statistics information.

 Kstrax has some features.
  - Record in Kernel space 
    Kstrax records system call information in Linux Kernel space.
  - Not change the Linux Kernel.
    It is not necessary to change the Linux Kernel because Kstrax consists
    of modules and commands.
  - Trace all system calls at low overhead
    It is possible to trace all system calls executed on the system at low
    overhead because of tracing in kernel space.

Kstrax requires below.
  * kernel package (kernel-devel-x.x.x)

Kstrax is checked on the following system.
 - RedHat Enterprise Linux AS 4 Update 1

2. Installation
================
  1)Untar the Kstrax archive

    $ tar xjf kstrax-0.0.1.tar.bz2

  2)Install kernel modules and command

    $ su - (input super-user password)
    # cd $(SOMEWHERE_LIST)/kstrax-0.0.1
    # make install


3. How To Use
==============
  1)Trace system calls in kernel space

    $ su - (input super-user password)
    # kstrax-rec start

  2)Get a log buffer from kernel

    $ su - (input super-user password)
    # kstrax -bfilename

  3)Terminate getting the buffer

   "Ctrl + C"

  4)Display the trace data

    $ kstrax -tfilename

  5)Terminate tracing in kernel space

    $ su - (input super-user password)
    # kstrax-rec stop

  *)See the help command for more details 
    $ kstrax -h

4. Limitations
===============
 - Kstrax can use just on i386 architecture.
