PHP 8.5.2
Preview: execsnoop_example.txt Size: 1.50 KB
//usr/share/doc/bpftrace/examples/execsnoop_example.txt

Demonstrations of execsnoop, the Linux BPF/bpftrace version.


Tracing all new process execution (via exec()):

# ./execsnoop.bt
Attaching 3 probes...
TIME            PID     PPID    ARGS
08:57:52.430193 3187374 1971701 ls --color --color=auto -lh execsnoop.bt execsnoop.bt.0 execsnoop.bt.1
08:57:52.441868 3187378 3187375 man ls
08:57:52.473565 3187384 3187378 preconv -e UTF-8
08:57:52.473620 3187384 3187378 preconv -e UTF-8
08:57:52.473658 3187384 3187378 preconv -e UTF-8
08:57:52.473839 3187385 3187378 tbl
08:57:52.473897 3187385 3187378 tbl
08:57:52.473944 3187385 3187378 tbl
08:57:52.474055 3187386 3187378 nroff -mandoc -Tutf8
08:57:52.474107 3187386 3187378 nroff -mandoc -Tutf8
08:57:52.474145 3187386 3187378 nroff -mandoc -Tutf8
08:57:52.474684 3187388 3187378 less
08:57:52.474739 3187388 3187378 less
08:57:52.474780 3187388 3187378 less
08:57:52.475502 3187389 3187386 groff -Tutf8 -mtty-char -mandoc
08:57:52.476717 3187390 3187389 troff -mtty-char -mandoc -Tutf8
08:57:52.476811 3187391 3187389 grotty

The output begins by showing an "ls" command, and then the process execution
to serve "man ls". The same exec arguments appear multiple times: in this case
they are failing as the $PATH variable is walked, until one finally succeeds.

This tool can be used to discover unwanted short-lived processes that may be
causing performance issues such as latency perturbations.


There is another version of this tool in bcc: https://github.com/iovisor/bcc
The bcc version provides more fields and command line options.

Directory Contents

Dirs: 0 × Files: 38

Name Size Perms Modified Actions
722 B lrw-r--r-- 2024-03-07 22:14:52
Edit Download
1.75 KB lrw-r--r-- 2024-03-07 22:14:52
Edit Download
2.01 KB lrw-r--r-- 2024-03-07 22:14:52
Edit Download
1.87 KB lrw-r--r-- 2024-03-07 22:14:52
Edit Download
2.93 KB lrw-r--r-- 2024-03-07 22:14:52
Edit Download
2.60 KB lrw-r--r-- 2024-03-07 22:14:52
Edit Download
4.80 KB lrw-r--r-- 2024-03-07 22:14:52
Edit Download
4.50 KB lrw-r--r-- 2024-03-07 22:14:52
Edit Download
1.50 KB lrw-r--r-- 2024-03-07 22:14:52
Edit Download
923 B lrw-r--r-- 2024-03-07 22:14:52
Edit Download
846 B lrw-r--r-- 2024-03-07 22:14:52
Edit Download
864 B lrw-r--r-- 2024-03-07 22:14:52
Edit Download
1.82 KB lrw-r--r-- 2024-03-07 22:14:52
Edit Download
844 B lrw-r--r-- 2024-03-07 22:14:52
Edit Download
1.63 KB lrw-r--r-- 2024-03-07 22:14:52
Edit Download
2.47 KB lrw-r--r-- 2024-03-07 22:14:52
Edit Download
1.47 KB lrw-r--r-- 2024-03-07 22:14:52
Edit Download
8.43 KB lrw-r--r-- 2024-03-07 22:14:52
Edit Download
980 B lrw-r--r-- 2024-03-07 22:14:52
Edit Download
2.38 KB lrw-r--r-- 2024-03-07 22:14:52
Edit Download
4.40 KB lrw-r--r-- 2024-03-07 22:14:52
Edit Download
1.87 KB lrw-r--r-- 2024-03-07 22:14:52
Edit Download
2.67 KB lrw-r--r-- 2024-03-07 22:14:52
Edit Download
549 B lrw-r--r-- 2024-03-07 22:14:52
Edit Download
541 B lrw-r--r-- 2024-03-07 22:14:52
Edit Download
1.12 KB lrw-r--r-- 2024-03-07 22:14:52
Edit Download
1.32 KB lrw-r--r-- 2024-03-07 22:14:52
Edit Download
1.06 KB lrw-r--r-- 2024-03-07 22:14:52
Edit Download
1.23 KB lrw-r--r-- 2024-03-07 22:14:52
Edit Download
1.56 KB lrw-r--r-- 2024-03-07 22:14:52
Edit Download
1.13 KB lrw-r--r-- 2024-03-07 22:14:52
Edit Download
940 B lrw-r--r-- 2024-03-07 22:14:52
Edit Download
1.15 KB lrw-r--r-- 2024-03-07 22:14:52
Edit Download
680 B lrw-r--r-- 2024-03-07 22:14:52
Edit Download
1.17 KB lrw-r--r-- 2024-03-07 22:14:52
Edit Download
929 B lrw-r--r-- 2024-03-07 22:14:52
Edit Download
1.92 KB lrw-r--r-- 2024-03-07 22:14:52
Edit Download
3.34 KB lrw-r--r-- 2024-03-07 22:14:52
Edit Download

If ZipArchive is unavailable, a .tar will be created (no compression).