How to track child process using strace?
I can't see an easy way:
You could use the -ff option with -o filename to produce multiple files (one per pid).
eg:
strace -o process_dump -ff ./executablegrep clone process_dump*that would help you see which parent created what. Maybe that would help you - at least then you could search backwards.
There is a perl script called strace-graph. Here is a version from github. It is packaged with crosstool-ng versions of compilers. It works for me even used cross platform.
ARM Linux box.
$ ./strace -f -q -s 100 -o app.trc -p 449$ tftp -pr app.trc 172.0.0.133X86_64 Linux box.
$ ./strace-graph /srv/tftp/app.trc (anon) +-- touch /tmp/ppp.sleep +-- killall -HUP pppd +-- amixer set Speaker 70% +-- amixer set Speaker 70% +-- amixer set Speaker 70% +-- amixer set Speaker 70% +-- amixer set Speaker 50% +-- amixer set Speaker 70% `-- amixer set Speaker 50%The output can be used to help navigate the main trace log.