kdump displays the kernel trace files produced with
ktrace(1) in human readable format. The file
ktrace.out in the current directory is displayed, unless either the
-f option is used, or a file name is supplied as the last argument.
The options are as follows:
-d
Display all numbers in decimal.
-e emulation
If an emulation of a process is unknown, interpret system call maps assuming the named emulation instead of default "netbsd".
-f file
Display the specified file instead of ktrace.out.
-l
Loop reading the trace file, once the end-of-file is reached, waiting for more data.
-m maxdata
Display at most maxdata bytes when decoding I/O.
-N
Suppress system call number-to-name translation.
-n
Suppress ad hoc translations. Normally
kdump tries to decode many system calls into a more human readable format. For example,
ioctl(2) values are replaced with the macro name and
errno values are replaced with the
strerror(3) string. Suppressing this feature yields a more consistent output format and is easily amenable to further processing.
-p pid
Only display records from the trace file that are for the indicated pid.
-R
Display relative timestamps (time since previous entry).
-T
Display absolute timestamps for each entry (seconds since epoch).
-t trstr
Restrict display to the specified set of kernel trace points. The default is to display everything in the file. See the
-t option of
ktrace(1).
-x
Display GIO data in hex and ascii instead of
vis(3) format.
-X size
Same as -x but display hex values by groups of size bytes. Supported values are 1, 2, 4, 8, and 16.