02.06.2026

strace-ui for SRE Debugging


Raw strace output is powerful, but it is also noisy. During an incident, scrolling through thousands of syscalls is rarely the fastest way to answer a simple question: what is this process opening, reading, writing, connecting to, or waiting on? Jane Street's strace-ui keeps the familiar strace model and adds an interactive terminal interface on top.

The tool reached the Hacker News front page through Jane Street's post about strace-ui, Bonsai_term, and the TUI renaissance. The SRE angle is straightforward: terminals are still where many operators debug production systems.

What Is strace-ui?

strace-ui is a Bonsai_term application for interactively viewing strace output. It shells out to strace and renders syscall data in a split terminal view with a syscall list on one side and structured details on the other.

It renders buffers as hexdumps, formats structs, links unfinished syscalls with their completion, and gives process IDs short labels so multi-process traces are easier to scan.

Key Features

  • Interactive filters for syscall names, process IDs, and regex searches
  • File descriptor tracking, including jump-to-origin navigation
  • Network-aware file descriptor display using strace --decode-fds=all
  • Hex and string display modes for payload inspection
  • Built-in help for shortcuts such as ?, f, F, /, h, p, and Tab

These features help when telemetry cannot explain what a process is actually doing.

Installation

The project uses OCaml and OxCaml, so install opam first. Then create the OxCaml switch and install the binary:

opam switch create oxcaml-dev \
  --repos=oxcaml-dev=git+https://github.com/oxcaml/opam-repository.git#dev,default

opam install strace-ui

You also need strace on the target system. On Debian or Ubuntu:

sudo apt-get install strace

Usage

Run it much like strace:

strace-ui ping localhost
strace-ui -p 12345 -e '!futex'

Under the hood, strace-ui uses absolute timestamps, syscall timing, fork following, file descriptor decoding, full strings, and non-abbreviated output. The difference is that you can refine the view after capture instead of restarting the trace for every filter.

Incident Workflow

Use strace-ui when a process behaves strangely but application logs are too vague. Examples include a service opening the wrong config file, a worker writing to an unexpected socket, or a daemon connecting to a surprising endpoint.

For attached production debugging, keep the trace narrow. Start with a PID and a focused -e expression, then use interactive filters to hide routine syscalls and follow the file descriptor that matters.

Operational Tips

Treat syscall tracing as sensitive. Traces can expose paths, hostnames, tokens, and request payloads. Redact before sharing.
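One way to do that redaction on a saved text trace, as an added example that is not part of strace-ui or the original post. It assumes raw strace text output with optional PID and timestamp prefixes; redact_trace, DATA_SYSCALLS, and the sample lines are names and data constructed for illustration.

```python
import re

# Syscalls whose string arguments are payload buffers rather than paths.
DATA_SYSCALLS = {"read", "write", "pread64", "pwrite64", "readv", "writev",
                 "send", "sendto", "sendmsg", "recv", "recvfrom", "recvmsg"}
# Optional pid and timestamp prefix, then "name(" or "<... name resumed>".
CALL_RE = re.compile(r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?(?:[\d:.]+\s+)?'
                     r'(?:(\w+)\(|<\.\.\. (\w+) resumed>)')
STRING_RE = re.compile(r'"(?:[^"\\]|\\.)*"')   # C-style string with escapes
IPV4_RE = re.compile(r'\b(?:\d{1,3}\.){3}\d{1,3}\b')
HOME_RE = re.compile(r'/home/[^/"\s>]+')       # user name in a home path

def redact_trace(lines):
    """Return redacted copies of strace output lines (assumed text format)."""
    ip_alias = {}

    def alias_ip(match):
        # Stable pseudonyms keep flows correlatable without exposing addresses.
        return ip_alias.setdefault(match.group(0), f"IP-{len(ip_alias) + 1}")

    out = []
    for line in lines:
        m = CALL_RE.match(line)
        name = (m.group(1) or m.group(2)) if m else None
        if name in DATA_SYSCALLS:
            # Payload buffers can carry tokens and request bodies: drop them whole.
            line = STRING_RE.sub('"[REDACTED]"', line)
        line = IPV4_RE.sub(alias_ip, line)
        line = HOME_RE.sub("/home/USER", line)
        out.append(line)
    return out

# Constructed sample lines, not captured from a real system.
SAMPLE = [
    r'4242 14:02:11.100000 openat(AT_FDCWD</srv/app>, "/home/alice/.config/app.toml", O_RDONLY) = 3</home/alice/.config/app.toml> <0.000021>',
    r'4242 14:02:11.200000 connect(5<socket:[88001]>, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("10.1.2.3")}, 16) = 0 <0.000100>',
    r'4242 14:02:11.300000 write(5<TCP:[10.0.0.5:51234->10.1.2.3:443]>, "Authorization: Bearer s3cr3t\r\n", 30) = 30 <0.000050>',
    r'4243 14:02:11.400000 <... read resumed>"{\"token\":\"abc\"}", 4096) = 15 <0.000900>',
]

if __name__ == "__main__":
    print("\n".join(redact_trace(SAMPLE)))
```

Strings in other syscalls, such as execve arguments and environment variables, are left untouched by this sketch, so review those by hand before sharing.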

Pair strace-ui with normal observability. Metrics show the symptom, logs explain intent, and syscalls show what the process actually asked Linux to do.

Conclusion

strace-ui is a practical upgrade for operators who already reach for strace. It makes low-level process behavior searchable, navigable, and easier to reason about during a live debugging session.

If your team wants AI-assisted incident workflows with strong operational context, Akmatori helps SRE teams investigate alerts, coordinate response, and automate safe infrastructure actions. Powered by Gcore for global infrastructure reliability.
