summary refs log tree commit diff
path: root/README
blob: b4406b61f0f988edcbc8ee47d6a02aaa67994076 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
EXTRACE(1)                  General Commands Manual                 EXTRACE(1)

NAME
     extrace – trace exec() calls system-wide

SYNOPSIS
     extrace [-deflq] [-o file] [-p pid | cmd ...]

DESCRIPTION
     extrace traces all program executions occurring on a system.

     The options are as follows:

     -d      Print the current working directory of the new process.

     -e      Print environment of process, or ‘-’ if unreadable.

     -f      Generate flat output without indentation.  By default, the line
             indentation reflects the process hierarchy.

     -l      Resolve full path of the executable.  By default, argv[0] is
             shown.

     -q      Suppress printing of exec(3) arguments.

     -o file
             Redirect trace output to file.

     -p pid  Only trace exec(3) calls descendant of pid.

     cmd ...
             Run cmd ... and only trace descendants of this command.

             By default, all exec(3) calls are traced globally.

EXIT STATUS
     The extrace utility exits 0 on success, and >0 if an error occurs.

ERRORS
     Check these prerequisites if you see this error:

           binding sk_nl error: Operation not permitted

     extrace requires special permissions to run, either root or the Linux
     CAP_NET_ADMIN capability.

     extrace only works on Linux kernels with the kernel options

           CONFIG_CONNECTOR=y
           CONFIG_PROC_EVENTS=y

SEE ALSO
     fatrace(1), ps(1), pwait(1)

AUTHORS
     Christian Neukirchen <chneukirchen@gmail.com>

     May contain traces of code from Guillaume Thouvenin, Matt Helsley, and
     Sebastian Krahmer.

BUGS
     While process tracing is exact, looking up all information is inherently
     sensitive to race conditions.  In doubt, you can only trust the PID was
     written correctly.

LICENSE
     extrace is licensed under the terms of the GPLv2.

Linux 4.6.2_1                    June 13, 2016                   Linux 4.6.2_1