:: Re: [DNG] Track process start / sto…
Startseite
Nachricht löschen
Nachricht beantworten
Autor: Tomasz Torcz
Datum:  
To: dng
Betreff: Re: [DNG] Track process start / stop?
On Thu, Jan 06, 2022 at 11:51:09AM +0100, Antony Stone wrote:
> Hi.
>
> I'm wondering whether there is any way of getting a list or log file of
> processes which get started and terminated, independently of whether those
> processes themselves actually do any logging.
>
>
> I'm wondering whether there's a logging option buried in whichever part of the
> system assigns and recovers process IDs as things get started and stopped,
> perhaps?


There is audit exactly for that purpose. Something like

auditctl -a task,always
ausearch -i -sc execve

should get you started.

 Another option could be execsnoop
 (https://github.com/iovisor/bcc/blob/master/tools/execsnoop.py)
-- 
Tomasz Torcz                                                       72->|   80->|
tomek@???                                               72->|   80->|