kenorb kenorb - 1 month ago 3
Bash Question

How to parse strace in shell into plain text?

I've trace log generated by

command like on running PHP by:

sudo strace -e sendto -fp $(pgrep -n php) -o strace.log

And the output looks like:

11208 sendto(4, "set 29170397297_-cache-schema 85 0 127240\r\n\257\202\v\0?\0\0\0\2\27\10stdClass\24\7\21\3cid\21\6schema\21\4d\37ata\25\n\247\21\5block\24\6\21\6fields\24\f\21\3bid\24\2\5\21\4type 0\37erial\21\10not null\5\21\6module\24\4\16\7\21\7va\37rchar\21\6length\6@\16\t\5\21\7default\r\21\5de\2lta@\5\16\v\16\f\6 \35\7\16\r\21\0010\21\5t \207
\30@6\2\16\r\r n\4tatus@0\4\21\3int
/\7\6\0\21\4size \222\finy\21\6weight\24\3 ;\0\22\300 \6\6region@8\340\5P\5custom
\27\300,\17\16\23\16\24\21\nvisibility\340\t\34\7\5pages\24\2 \205\3\4tex@\206 \261\1it \365\0\5\240
y\10\r\21\ftransl!N\2ble %\1ca!a\340\3Q\0\1
n\31\vprimary key\24\1\6\0\16\6\21\vunique@\21\ts\24\1\21\3tmd\24\3 \31\0\20 2\v\n\6\2\16\16\21\7index \210\10\1\21\4list\24\5\240\36\0\21 \36\10\26\6\3\16\25\6\4\16\n \1\6\4\21\4name \7\0\na\317\2_ro
\252\0\5!$\0\n \3\341\2\23\0\16\340\0\16A\214\2\21\3r!\354@ \v\22\21\10unsigned\5@\332\0\36
\213\0\n \213\0\16 l\6%\16!\24\1\16%
M\2\10\16&@E\4\21\4bod\201_\5\32\16\t\4\16\23B\\\2g\16\34 \30\3info .\0\7a\255\0\200@q!L\5\6forma\201\332B/!d\2\4\16\37 y\0*
\200\2\5\16\1\340\0U =@U\1\16\3@\222 \212\2lob@O\n\23\16)\21\6expire@\30\342\0\26\7\21\7create\241\17
< \25\0\n\203\1\"\177\0d
Y\0\22 \305\5\5small\240!a\32\0.
\230\0.\240\240\0\1\240\240\3,\21\vb S\2kpo\"\313\2s\24\6!\220\2\t\21\2\241q\0\10 ?\4\21\tno \213\6ort\5\21\fm\";\3ine_A\313
\31\0- \223\1\21\t\341\0\30B-\0\1!\10\0003a\253\0005
\v\0005ac \327Dz\"\364 \20\0\10 \6\0 @\333\r\0165\16\36\0163\21\nidenti$x\nr\0166\21\vadmin_ce\10\21\5label\21\f\244H\6 hook\21\23\240\r\0_\340\1\375\fs\21\3api\24\4\21\5own F\0062\16C\16B\21\17 H\5imum_v \260$\25\7\6\1\21\17curr m\340\1\22!\242\0002\"\305\0022\21\20\340\1N\5_groupa\247\2\6\0163
\352\0\10 \352\2\0164\5 \325C%\341\0P\341\5\220\1\0162aQA\26\4\16:\5\21\17\201\321\1 c\"$\5back\21#\340\7b\0_\200!\340\3\311\1\16\7
C\340\0a!\312\1\no \300#\240!&
}\241\237\0\0\242e\341\4n\5\16;\24\10\16< \7\2=\21\35\340\1m\0
\320\0 \342\3XAz\v\16>\16G\16?\16@\16A\21\30\341\tT\201\5\1\21\22\200\243\0 B0\6 string#o\4toolsbD\1\16C \260\0D!D\4C\16L\16E!P\0F \3\201T\16G\21\21ckeditor_set%\266\0gE\323\0\5%Q\0# 4@\345!)\"w#\372\1\21\10\340\0!\0\1 \31\0\32\240\334\4#\16\n\21\10\300D \r\2O\21\25\300\r\6_input_\244+\340\16V\1\16+ \31\340\4h X\0\2!;\0# \245\0+ \247\0Q T\7R\21\26comme#/\0_%\266\2cko W\3pane ;\4\5\24\10\21\7@\v\0_\243\257\301\231\1\21\4F\35 !\340\1\22F\323\0021\21\10\"\311'B\0e@\223A\254&f`\346\"~\6\vcollap&q%\227\340\6\35\2\0\21\t\240\35\344\1a\3009\0\0#\212\300.\0001\200L$\247\1enFl\344\0\216\300,\0\1G\5\3view\340\0002\300\177 \372\0\1 K\0T!"..., 8196, MSG_NOSIGNAL|MSG_MORE, NULL, 0) = 8196

It sounds like these are represented by ordinary C escape codes.

I've tried to decode them in shell by

while read line; do printf "%s" "$line"; done < <(cat strace.log | head -n2)

but it failed (looks like it doesn't make any sense):

11208 sendto(4, "set 29170397297_-cache-schema 85 0 127240rn257202v0?00022710stdClass247213cid216schema214d37ata25n247215block246216fields24f213bid2425214type 037erial2110not null5216module244167217va37rchar216length6@16t5217defaultr215de2lta@516v16f6 35716r210010215t 207
30@6216rr n4tatus@04213int
/760214size 222finy216weight243 ;022300 66region@83405P5custom
27300,171623162421nvisibility340t3475pages242 20534tex@206 2611it 36505240
y10r21ftransl!N2ble %1ca!a3403Q01
n31vprimary key2416016621vunique@21ts241213tmd243 31020 2vn621616217index 210101214list24524036021 3610266316256416n 164214name 70na3172_ro
25205!$0n 3341223016340016A2142213r!354@ v222110unsigned5@332036
2130n 213016 l6%16!24116%
M21016&@E4214bod201_53216t41623B\2g1634 303info .07a2550200@q!L56forma201332B/!d241637 y0*
200251613400U =@U1163@222 2122lob@On2316)216expire@303420267217create24117
< 250n2031"1770d
Y022 30555small240!a320.`2300.240240012402403,21vb S2kpo"3132s246!2202t212241q010...

Is there any better way to parse the output of
command to see plain strings passed to

Ideally it is possible to print printable characters including new lines (
), but cut-off NULLs and other non-printable characters?


The problem why read doesn't work, because shell is already escaping the characters, so the string is doubled escaped, therefore \r\n is printed as rn.

To ignore escaping of characters by shell, you can use read -r which allow backslashes to escape any characters (so they're treated literally). Here is example:

while read -r line; do printf "%b\n" "$line"; done < strace.log | strings

Since it's a binary data, above example also includes strings command to display only printable strings.

Strace also support printing all strings in hex when -x is specified, but it'll work the same.

Here is the version to parse strace output in real-time:

while read -r line;
    do printf "%b\n" "$line" | strings
done < <(sudo strace -e recvfrom,sendto -s 1000 -fp $(pgrep -n php) 2>/dev/stdout)

Further more strings, can be replaced by more specific filter using grep, to get only what is inside double quotes:

grep -o '".\+[^"]"' | grep -o '[^"]\+[^"]'

however this may still print binary formats.

To avoid that, lets simplify the whole process, so lets define the following formatter alias:

alias format-strace='grep --line-buffered -o '\''".\+[^"]"'\'' | grep --line-buffered -o '\''[^"]*[^"]'\'' | while read -r line; do printf "%b" $line; done | tr "\r\n" "\275\276" | tr -d "[:cntrl:]" | tr "\275\276" "\r\n"'


  • grep -o '".\+[^"]"' - select double-quoted string with quotes
  • grep -o '[^"]*[^"]' - select text within the double quotes
  • while read -r line - store each line into $line and do some action (help read)
  • printf "%b" $line - print line by expanding backslash escape sequences
  • tr "\r\n" "\275\276" - temporarily replace \r\n into \275\276
  • tr -d "[:cntrl:]" - remove all control characters
  • tr "\275\276" "\r\n" - restore new line endings

then the complete example to trace some command (e.g. php) can look like:

strace -e trace=read,write,recvfrom,sendto -s 1000 -fp $(pgrep -n php) 2>&1 | format-strace

Check for similar example: How to view the output of a running process in another bash session? at Unix.SE