.TH execsnoop-nd 8 "2015-01-30" "USER COMMANDS"
.SH NAME
execsnoop-nd \- trace process exec() with arguments. Uses Linux SystemTap (non-debuginfo).
.SH SYNOPSIS
.B execsnoop-nd.stp
.SH DESCRIPTION
This traces exec() from the fork()->exec() sequence, which means it will not
catch new processes that only fork(). It shows every exec(), including
those from a process that re-execs.
This is a basic version of execsnoop.
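The coverage described above can be checked with a small test program run while the tracer is active. This is an added example, not part of the lwtools collection; the function names are hypothetical, and it assumes "true" and "sh" are on the PATH.

```c
/* Added example: three ways to create a child, and how many exec()
 * events (tracer output lines) each one produces. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Wait for the child; return its exit status, or -1 on failure. */
static int reap(pid_t pid) {
    int status;
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* fork() only: a new PID exists but no exec() happens: 0 lines. */
int fork_only(void) {
    pid_t pid = fork();
    if (pid == 0) _exit(0);          /* child does its work without exec() */
    return reap(pid);
}

/* fork() then exec(): the usual case: 1 line. */
int fork_exec(void) {
    pid_t pid = fork();
    if (pid == 0) {
        execlp("true", "true", (char *)NULL);
        _exit(127);                  /* reached only if exec() failed */
    }
    return reap(pid);
}

/* fork(), exec() a shell, which re-execs in place: 2 lines, same PID. */
int fork_reexec(void) {
    pid_t pid = fork();
    if (pid == 0) {
        execlp("sh", "sh", "-c", "exec true", (char *)NULL);
        _exit(127);
    }
    return reap(pid);
}

int main(void) {
    /* Starting this program is itself one exec() event. */
    printf("fork only   (expect 0 lines): exit %d\n", fork_only());
    printf("fork+exec   (expect 1 line):  exit %d\n", fork_exec());
    printf("fork+reexec (expect 2 lines): exit %d\n", fork_reexec());
    return 0;
}
```

Compare the PIDs printed by the tracer: the fork-only child never appears, so process inventory built from this tool alone misses it.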
.SH REQUIREMENTS
SystemTap.
.SH EXAMPLES
.TP
Trace all new processes and arguments via exec():
#
.B execsnoop-nd.stp
.SH FIELDS
.TP
TIME
Time of the exec(), in human-readable format.
.TP
PID
Process ID.
.TP
PPID
Parent process ID.
.TP
COMM
Process name.
.TP
ARGS
Command line arguments.
.SH OVERHEAD
This reads and processes exec() events and prints a line of output for each.
Since the rate of exec() is expected to be low (< 500/s), the overhead is
expected to be negligible.
.SH SOURCE
This is from the SystemTap lwtools collection.
.IP
https://github.com/brendangregg/systemtap-lwtools
.PP
Also look under the examples directory for a text file containing example
usage, output, and commentary for this tool.
.SH OS
Linux
.SH STABILITY
Unstable - in development.
.SH AUTHOR
Brendan Gregg
.SH SEE ALSO
top(1)