Provided by: extrace_0.7-2_amd64 bug

NAME

     extrace — trace exec() calls system-wide

SYNOPSIS

     extrace [-deflqtu] [-o file] [-p pid | cmd ...]

DESCRIPTION

     extrace traces all program executions occurring on a system.

     The options are as follows:

     -d      Print the current working directory of the new process.

     -e      Print environment of process, or ‘-’ if unreadable.

     -f      Generate flat output without indentation.  By default, the line indentation reflects
             the process hierarchy.

     -l      Resolve full path of the executable.  By default, argv[0] is shown.

     -q      Suppress printing of exec(3) arguments.

     -t      Also display process exit status and duration.

     -u      Also display the user running the process.

     -o file
             Redirect trace output to file.

     -p pid  Only trace exec(3) calls descendant of pid.

     cmd ...
             Run cmd ... and only trace descendants of this command.

             By default, all exec(3) calls are traced globally.

EXIT STATUS

     The extrace utility exits 0 on success, and >0 if an error occurs.

ERRORS

     Check these prerequisites if you see this error:

           binding sk_nl error: Operation not permitted

     extrace requires special permissions to run, either root or the Linux CAP_NET_ADMIN
     capability.

     extrace only works on Linux kernels with the kernel options

           CONFIG_CONNECTOR=y
           CONFIG_PROC_EVENTS=y

SEE ALSO

     fatrace(1), ps(1), pwait(1), strace(1)

AUTHORS

     Leah Neukirchen <leah@vuxu.org>

     May contain traces of code from Guillaume Thouvenin, Matt Helsley, and Sebastian Krahmer.

BUGS

     While process tracing is exact, looking up all information is inherently sensitive to race
     conditions.  In doubt, you can only trust the PID was written correctly.

LICENSE

     extrace is licensed under the terms of the GPLv2.