how to tell what ran what

Tim Utschig tim at
Wed Feb 15 18:32:22 PST 2006

On Wed, Feb 15, 2006 at 03:31:46PM -0500, Glenn McCalley wrote:
> If I can get a list of what programs, path and file name, called
> sendmail over (say) the last 24 hours, one of them should jump off the
> page with an unreasonable level of activitiy.

A dirty hack would be to replace the sendmail binary with a script (or
program) which records info about the parent process to some world-
writable file or directory (perhaps create a unique file under a dir
with perms 1773 owned by root:staff) before exec'ing the "real" sendmail

   - Tim Utschig <tim at>

More information about the freebsd-questions mailing list