Home
last modified time | relevance | path

Searched full:execsnoop (Results 1 – 21 of 21) sorted by relevance

/external/bcc/tools/
Dexecsnoop_example.txt1 Demonstrations of execsnoop, the Linux eBPF/bcc version.
4 execsnoop traces new processes. For example, tracing the commands invoked when
7 # ./execsnoop
26 processes, which won't be included in the execsnoop output.
31 # ./execsnoop -x
59 # ./execsnoop -Ttn mount
68 # ./execsnoop.py -l testpkg
84 # ./execsnoop --cgroupmap /sys/fs/bpf/test01
90 # ./execsnoop -U
99 # ./execsnoop -Uu 1000
[all …]
Dexecsnoop.py4 # execsnoop Trace new processes via exec() syscalls.
7 # USAGE: execsnoop [-h] [-T] [-t] [-x] [-q] [-n NAME] [-l LINE]
51 ./execsnoop # trace all exec() syscalls
52 ./execsnoop -x # include failed exec()s
53 ./execsnoop -T # include time (HH:MM:SS)
54 ./execsnoop -U # include UID
55 ./execsnoop -u 1000 # only trace UID 1000
56 ./execsnoop -u user # get user UID and trace only them
57 ./execsnoop -t # include timestamps
58 ./execsnoop -q # add "quotemarks" around arguments
[all …]
Dsyscount_example.txt83 might be worth investigating with follow-up tools like opensnoop, execsnoop,
111 investigating with follow-up tools like opensnoop, execsnoop, or
Dexitsnoop.py41 The template for this script was Brendan Gregg's execsnoop
42 https://github.com/iovisor/bcc/blob/master/tools/execsnoop.py
50 07-Feb-2016 Brendan Gregg (Netflix) Created execsnoop
/external/bcc/man/man8/
Dexecsnoop.81 .TH execsnoop 8 "2020-02-20" "USER COMMANDS"
3 execsnoop \- Trace new processes via exec() syscalls. Uses Linux eBPF/bcc.
5 .B execsnoop [\-h] [\-T] [\-t] [\-x] [\-\-cgroupmap CGROUPMAP] [\-\-mntnsmap MAPPATH]
8 execsnoop traces new processes, showing the filename executed and argument
14 exec(), eg, for worker processes, which won't be included in the execsnoop
66 .B execsnoop
70 .B execsnoop \-t
74 .B execsnoop \-U
78 .B execsnoop \-u 1000
82 .B execsnoop \-Uu root
[all …]
Dthreadsnoop.89 a companion to execsnoop(8) which traces execve(2).
60 execsnoop(8)
Dexitsnoop.8110 execsnoop(8)
Dopensnoop.8156 execsnoop(8), funccount(1)
/external/bcc/libbpf-tools/
Dexecsnoop.c1 // Based on execsnoop(8) from BCC by Brendan Gregg and others.
13 #include "execsnoop.h"
14 #include "execsnoop.skel.h"
42 const char *argp_program_version = "execsnoop 0.1";
48 "USAGE: execsnoop [-h] [-T] [-t] [-x] [-u UID] [-q] [-n NAME] [-l LINE] [-U]\n"
52 " ./execsnoop # trace all exec() syscalls\n"
53 " ./execsnoop -x # include failed exec()s\n"
54 " ./execsnoop -T # include time (HH:MM:SS)\n"
55 " ./execsnoop -U # include UID\n"
56 " ./execsnoop -u 1000 # only trace UID 1000\n"
[all …]
D.gitignore15 /execsnoop
Dexecsnoop.bpf.c5 #include "execsnoop.h"
DMakefile31 execsnoop \
/external/bcc/docs/
Dspecial_filtering.md16 # ./execsnoop --cgroupmap /sys/fs/bpf/test01
85 Execute the `execsnoop` tool filtering only the mount namespaces
89 # tools/execsnoop.py --mntnsmap /sys/fs/bpf/mnt_ns_set
118 You'll see how on the `execsnoop` terminal you started above the call is logged:
121 # tools/execsnoop.py --mntnsmap /sys/fs/bpf/mnt_ns_set
Dtutorial.md5 It is assumed for this tutorial that bcc is already installed, and you can run tools like execsnoop
30 1. execsnoop
44 #### 1.1 execsnoop
47 # ./execsnoop
56 execsnoop prints one line of output for each new process. Check for short-lived processes. These ca…
Dreference_guide.md365 [code](https://github.com/iovisor/bcc/blob/552658edda09298afdccc8a4b5e17311a2d8a771/tools/execsnoop
/external/bcc/snap/
Dsnapcraft.yaml154 execsnoop:
155 command: bcc-wrapper execsnoop
/external/bcc/
DFAQ.txt60 File "./execsnoop", line 20, in <module>
DINSTALL.md589 sudo /usr/share/bcc/tools/execsnoop
629 sudo /usr/share/bcc/tools/execsnoop
658 sudo /usr/share/bcc/tools/execsnoop
DREADME.md112 - tools/[execsnoop](tools/execsnoop.py): Trace new processes via exec() syscalls. [Examples](tools/…
/external/bcc/debian/
Dchangelog130 * libbpf-tools: cpudist, syscount, execsnoop, vfsstat
154 * cgroupmap based cgroup filtering for opensnoop, execsnoop and bindsnoop.
/external/bcc/tests/python/
Dtest_tools_smoke.py171 self.run_with_int("execsnoop.py")