A modern, structured syscall tracer for Linux
loi is a syscall tracer for Linux that fixes what strace got wrong: confusing flags, plain text output, and no native JSON. Built in Rust.
0.1.0 (alpha). Usable for read / write / openat tracing on Linux x86_64 and aarch64. Filter DSL is minimal (--syscall glob, --fail). Expect breaking changes before 1.0.
openat, read, and write are decoded with named arguments and pretty / JSON output. Other syscalls pass through with a syscall_<nr> placeholder name and raw register values.
Pre-built binaries are published on the Releases page.
Pick the tarball matching your platform:
loi-v0.1.0-x86_64-unknown-linux-gnu.tar.gz(most x86_64 Linux distros, glibc)loi-v0.1.0-aarch64-unknown-linux-gnu.tar.gz(Linux on ARM64, glibc)loi-v0.1.0-x86_64-unknown-linux-musl.tar.gz(static build, Alpine, scratch images)
TAG=v0.1.0
TARGET=x86_64-unknown-linux-gnu
curl -L "https://github.com/ErickJ3/loi/releases/download/${TAG}/loi-${TAG}-${TARGET}.tar.gz" | tar -xz
sudo mv "loi-${TAG}-${TARGET}/loi" /usr/local/bin/loiVerify the download against SHA256SUMS from the same release page:
curl -LO "https://github.com/ErickJ3/loi/releases/download/v0.1.0/SHA256SUMS"
sha256sum -c SHA256SUMS --ignore-missing- Structured output: JSON-lines as a first-class citizen
- Ergonomic filters:
--syscall 'open*',--fail,--path '*.conf' - Robust follow-fork
- Container/namespace aware
- Sane defaults, colored output
cargo build --releasecargo ci # fmt check + clippy -D warnings + tests
cargo lint # clippy only
cargo xtask test # tests onlyCHANGELOG.md is generated from git history by git-cliff using cliff.toml.
cargo install git-cliff # one-time
cargo xtask changelog-unreleased # preview unreleased section
cargo xtask changelog # rewrite CHANGELOG.mdLicensed under either of:
- MIT license (LICENSE-MIT)
- Apache License, Version 2.0 (LICENSE-APACHE)
at your option.