execsnoop_example.txt - OpenGrok cross reference for /external/bcc/tools/execsnoop

Lines Matching +full:- +full:- +full:bin
9 bash             15887    0 /usr/bin/man ls
10 preconv          15894    0 /usr/bin/preconv -e UTF-8
11 man              15896    0 /usr/bin/tbl
12 man              15897    0 /usr/bin/nroff -mandoc -rLL=169n -rLT=169n -Tutf8
13 man              15898    0 /usr/bin/pager -s
14 nroff            15900    0 /usr/bin/locale charmap
15 nroff            15901    0 /usr/bin/groff -mtty-char -Tutf8 -mandoc -rLL=169n -rLT=169n
16 groff            15902    0 /usr/bin/troff -mtty-char -mandoc -rLL=169n -rLT=169n -Tutf8
17 groff            15903    0 /usr/bin/grotty
24 that follow the fork->exec sequence, as well as processes that re-exec()
29 The -x option can be used to include failed exec()s. For example:
31 # ./execsnoop -x
35 mkdir            9662     0 /bin/mkdir -p ./main
37 chown            9664     0 /bin/chown nobody:nobody ./main
38 run              9665     0 /bin/mkdir -p ./main
40 run              9660    -2 /usr/local/bin/setuidgid nobody /command/multilog t ./main
41 chown            9668     0 /bin/chown nobody:nobody ./main
42 run              9666     0 /bin/chmod 0777 main
43 run              9663    -2 /usr/local/bin/setuidgid nobody /command/multilog t ./main
44 run              9669     0 /bin/mkdir -p ./main
45 run              9661    -2 /usr/local/bin/setuidgid nobody /command/multilog t ./main
50 failures (trying to execute a /usr/local/bin/setuidgid, which I just noticed
54 A -t option can be used to include a timestamp column, and a -n option to match
58 # ./execsnoop -tn mount
60 2.849   mount            18049    0 /bin/mount -p
62 The -l option can be used to only show command where one of the arguments
67 # ./execsnoop.py -l testpkg
70 systemctl        3344535 4146419   0 /bin/systemctl status testpkg.service
71 yum              3344856 4146419   0 /usr/local/bin/yum remove testpkg
72 python           3344856 4146419   0 /usr/local/bin/python /usr/local/bin/yum remove testpkg
73 yum              3344856 4146419   0 /usr/bin/yum remove testpkg
74 yum              3345086 4146419   0 /usr/local/bin/yum install testpkg
75 python           3345086 4146419   0 /usr/local/bin/python /usr/local/bin/yum install testpkg
76 yum              3345086 4146419   0 /usr/bin/yum install testpkg
77 rpm              3345452 4146419   0 /bin/rpm -qa testpkg
81 # ./execsnoop -h
82 usage: execsnoop [-h] [-t] [-x] [-n NAME] [-l LINE] [--max-args MAX_ARGS]
87   -h, --help            show this help message and exit
88   -t, --timestamp       include timestamp on output
89   -x, --fails           include failed exec()s
90   -n NAME, --name NAME  only print commands matching this name (regex), any
92   -l LINE, --line LINE  only print commands where arg contains this line
94   --max-args MAX_ARGS   maximum number of arguments parsed and displayed,
99     ./execsnoop -x        # include failed exec()s
100     ./execsnoop -t        # include timestamps
101     ./execsnoop -n main   # only print command lines containing "main"
102     ./execsnoop -l tpkg   # only print command where arguments contains "tpkg"