DTrace script to trace process execution
dteske at FreeBSD.org
dteske at FreeBSD.org
Sat Dec 6 00:39:19 UTC 2014
Someone asked me about having a DTrace script that displays
"ps axwww"-like info each time a process is executed.
Well, I'm actually more of a fan of "pstree"-like layout, so I
wrote a DTrace script that produces output similar to
sysutils/pstree each/everytime a process is executed.
Sample output of attached "watch_execve.d":
2014 Dec 5 13:31:30 bash[40851]: ls -A
-+= 00809 0.0 /usr/sbin/sshd
\-+= 40829 0.0 sshd: support at pts/0
\-+= 40851 0.0 -bash
\-+= 27188 0.0 ls -A
If you don't want the pstree style info, you can simply run:
watch_execve.d | grep -v '^[[:space:]]'
--
Cheers,
Devin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: watch_execve.d
Type: application/octet-stream
Size: 8776 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-dtrace/attachments/20141205/67b10142/attachment.obj>
More information about the freebsd-dtrace
mailing list