On Thu, Jan 06, 2022 at 11:51:09AM +0100, Antony Stone wrote:
> Hi.
> 
> I'm wondering whether there is any way of getting a list or log file of 
> processes which get started and terminated, independently of whether those 
> processes themselves actually do any logging.
> 
> 
> I'm wondering whether there's a logging option buried in whichever part of 
> the system assigns and recovers process IDs as things get started and 
> stopped, perhaps?

 There is audit exactly for that purpose. Something like

 auditctl -a task,always
 ausearch -i -sc execve

 should get you started.

 Another option could be execsnoop
 (https://github.com/iovisor/bcc/blob/master/tools/execsnoop.py)
-- 
Tomasz Torcz                                                       72->|   80->|
to...@pipebreaker.pl                                               72->|   80->|
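
An added example, not part of the original message: audit writes each execve as several records (SYSCALL, EXECVE) sharing one event serial, and this sketch joins them into one line per started process. It assumes x86_64 (execve is syscall 59) and the raw audit.log layout; the log lines are constructed and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in raw audit.log format (assumption: x86_64, execve = syscall 59).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1641466269.101:4242): arch=c000003e syscall=59 success=yes exit=0 ppid=1000 pid=1234 auid=1000 uid=1000 comm="ls" exe="/usr/bin/ls" key="exec_log"
type=EXECVE msg=audit(1641466269.101:4242): argc=2 a0="ls" a1="-l"
type=SYSCALL msg=audit(1641466270.550:4243): arch=c000003e syscall=59 success=yes exit=0 ppid=1000 pid=1240 auid=1000 uid=0 comm="sh" exe="/usr/bin/dash" key="exec_log"
type=EXECVE msg=audit(1641466270.550:4243): argc=3 a0="sh" a1="-c" a2=6563686F206869
type=SYSCALL msg=audit(1641466271.002:4244): arch=c000003e syscall=2 success=yes exit=3 ppid=1000 pid=1240 auid=1000 uid=0 comm="sh" exe="/usr/bin/dash" key=(null)
"""

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode(value):
    """Quoted values are literal; audit hex-encodes strings with spaces or control bytes."""
    if value.startswith('"'):
        return value[1:-1]
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value  # e.g. (null)

def exec_events(log_text):
    """Return one dict per successful execve, joining records on (timestamp, serial)."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if m:
            events[(m.group(2), m.group(3))][m.group(1)] = dict(FIELD.findall(m.group(4)))
    started = []
    for (ts, _), recs in sorted(events.items(), key=lambda kv: (float(kv[0][0]), int(kv[0][1]))):
        sc = recs.get("SYSCALL")
        if not sc or sc.get("syscall") != "59" or sc.get("success") != "yes":
            continue  # not a process start
        ex = recs.get("EXECVE", {})
        argv = [decode(ex[f"a{i}"]) for i in range(int(ex.get("argc", 0))) if f"a{i}" in ex]
        started.append({"time": float(ts), "pid": int(sc["pid"]), "ppid": int(sc["ppid"]),
                        "uid": int(sc["uid"]), "exe": decode(sc["exe"]), "argv": argv})
    return started

if __name__ == "__main__":
    for e in exec_events(SAMPLE_LOG):
        print(e["time"], e["pid"], e["ppid"], e["uid"], e["exe"], e["argv"])
```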

_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng