about summary refs log tree commit diff
path: root/extrace.1
blob: 3a368822c8b863d8b28e68d22b81226bc19fa659 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
.Dd June 19, 2018
.Dt EXTRACE 1
.Os
.Sh NAME
.Nm extrace
.Nd trace exec() calls system-wide
.Sh SYNOPSIS
.Nm
.Op Fl deflqQtu
.Op Fl o Ar file
.Op Fl p Ar pid | cmd\ ...
.Sh DESCRIPTION
.Nm
traces all program executions occurring on a system.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl d
Print the current working directory of the new process.
.It Fl e
Print environment of process, or
.Sq Li -
if unreadable.
.It Fl f
Generate flat output without indentation.
By default, the line indentation reflects the process hierarchy.
.It Fl l
Resolve full path of the executable.
By default,
.Li "argv[0]"
is shown.
.It Fl q
Suppress printing of
.Xr exec 3
arguments.
.It Fl Q
Suppress printing of runtime errors.
.It Fl t
Also display process exit status and duration.
.It Fl u
Also display the user running the process.
.It Fl o Ar file
Redirect trace output to
.Ar file .
.It Fl p Ar pid
Only trace
.Xr exec 3
calls descendant of
.Ar pid .
.It Ar cmd\ ...
Run
.Ar cmd\ ...
and only trace descendants of this command.
.Pp
By default, all
.Xr exec 3
calls are traced globally.
.El
.Sh EXIT STATUS
.Ex -std
.Sh ERRORS
Check these prerequisites if you see this error:
.Bd -literal -offset Ds
binding sk_nl error: Operation not permitted
.Ed
.Pp
.Nm
requires special permissions to run, either root or the Linux
.Li "CAP_NET_ADMIN"
capability.
.Pp
.Nm
only works on Linux kernels with the kernel options
.Bd -literal -offset Ds
CONFIG_CONNECTOR=y
CONFIG_PROC_EVENTS=y
.Ed
.Sh SEE ALSO
.Xr fatrace 1 ,
.Xr ps 1 ,
.Xr pwait 1 ,
.Xr strace 1
.Sh AUTHORS
.An Leah Neukirchen Aq Mt leah@vuxu.org
.Pp
May contain traces of code from
Guillaume Thouvenin,
Matt Helsley,
and
Sebastian Krahmer.
.Sh BUGS
While process tracing is exact, looking up all information is
inherently sensitive to race conditions.
In doubt, you can only trust the PID was written correctly.
.Sh LICENSE
.Nm
is licensed under the terms of the GPLv2.