diff options
Diffstat (limited to 'Examples/shellsnoop_example.txt')
| -rw-r--r-- | Examples/shellsnoop_example.txt | 112 |
1 files changed, 112 insertions, 0 deletions
diff --git a/Examples/shellsnoop_example.txt b/Examples/shellsnoop_example.txt new file mode 100644 index 000000000000..be307f80f63e --- /dev/null +++ b/Examples/shellsnoop_example.txt @@ -0,0 +1,112 @@ +shellsnoop captures the text input and output from shells running on the +system. In the following example shellsnoop was run in one window, while +in another several commands were run: date, cal, uname -a, uptime and find. +shellsnoop has successfully captured the text that was displayed on the +other window. + + +# shellsnoop + PID PPID CMD DIR TEXT + 4724 3762 ksh R + 4724 3762 ksh W date + + 4741 4724 date W Sun Mar 28 23:10:06 EST 2004 + 4724 3762 ksh R + 4724 3762 ksh W jupiter:/etc/init.d> + 4724 3762 ksh R + 4724 3762 ksh R + 4724 3762 ksh W cal + + 4742 4724 cal W March 2004 + 4742 4724 cal W S M Tu W Th F S + 4742 4724 cal W 1 2 3 4 5 6 + 4742 4724 cal W 7 8 9 10 11 12 13 + 4742 4724 cal W 14 15 16 17 18 19 20 + 4742 4724 cal W 21 22 23 24 25 26 27 + 4742 4724 cal W 28 29 30 31 + 4742 4724 cal W + 4724 3762 ksh R + 4724 3762 ksh W jupiter:/etc/init.d> + 4724 3762 ksh R + 4724 3762 ksh R + 4724 3762 ksh W uname -a + + 4743 4724 uname W SunOS jupiter 5.10 s10_51 i86pc i386 i86pc + 4724 3762 ksh R + 4724 3762 ksh W jupiter:/etc/init.d> + 4724 3762 ksh R + 4724 3762 ksh R + 4724 3762 ksh W uptime + + 4744 4724 uptime W 11:10pm up 4 day(s), 11:15, 4 users, load average: 0.05, 0.02, 0.02 + 4724 3762 ksh R + 4724 3762 ksh W jupiter:/etc/init.d> + 4724 3762 ksh R + 4724 3762 ksh R + 4724 3762 ksh R + 4724 3762 ksh W jupiter:/etc/init.d> + 4724 3762 ksh R + 4724 3762 ksh R + 4724 3762 ksh W ls -l d* + + 4745 4724 ls W -rwxr--r-- 3 root sys 1292 Jan 14 16:24 devfsadm + 4745 4724 ls W -rwxr--r-- 1 root sys 904 Jan 14 16:24 devlinks + 4745 4724 ls W -rwxr--r-- 6 root sys 621 Jan 14 16:17 dhcp + 4745 4724 ls W -rwxr--r-- 2 root sys 494 Jan 14 16:17 dhcpagent + 4745 4724 ls W -rwxr--r-- 5 root sys 1050 Jan 16 2002 directory + 4745 4724 ls W -rwxr--r-- 2 root sys 779 Jan 14 16:17 domainname + 4745 4724 ls W -rwxr--r-- 1 root sys 469 Jan 14 16:24 drvconfig + 4745 4724 ls W -r-xr-xr-x 4 root other 2804 Mar 27 13:37 dtlogin + 4724 3762 ksh R + 4724 3762 ksh W jupiter:/etc/init.d> + 4724 3762 ksh R + 4724 3762 ksh R + 4724 3762 ksh W find /etc/default + + 4746 4724 find W /etc/default + 4746 4724 find W /etc/default/cron + 4746 4724 find W /etc/default/devfsadm + 4746 4724 find W /etc/default/dhcpagent + 4746 4724 find W /etc/default/fs + 4746 4724 find W /etc/default/inetd + 4746 4724 find W /etc/default/inetinit + 4746 4724 find W /etc/default/kbd + 4746 4724 find W /etc/default/keyserv + 4746 4724 find W /etc/default/ipsec + 4746 4724 find W /etc/default/nss + 4746 4724 find W /etc/default/passwd + 4746 4724 find W /etc/default/syslogd + 4746 4724 find W /etc/default/tar + 4746 4724 find W /etc/default/utmpd + 4746 4724 find W /etc/default/init + 4746 4724 find W /etc/default/login + 4746 4724 find W /etc/default/su + 4746 4724 find W /etc/default/power + 4746 4724 find W /etc/default/sys-suspend + 4746 4724 find W /etc/default/rpc.nisd + 4746 4724 find W /etc/default/nfs +[...] + + + +shellsnoop has a "-q" option for running in "quiet" mode - the previous +columns are not printed, so only shell output is seen, + + # shellsnoop -q + # date + Wed Nov 30 16:19:48 EST 2005 + # + # cal + November 2005 + S M Tu W Th F S + 1 2 3 4 5 + 6 7 8 9 10 11 12 + 13 14 15 16 17 18 19 + 20 21 22 23 24 25 26 + 27 28 29 30 + + # + +The output appears somewhat boring, this is something you need to see +in realtime. + |