aboutsummaryrefslogtreecommitdiff
path: root/Man/man1m/execsnoop.1m
diff options
context:
space:
mode:
Diffstat (limited to 'Man/man1m/execsnoop.1m')
-rw-r--r--Man/man1m/execsnoop.1m108
1 files changed, 108 insertions, 0 deletions
diff --git a/Man/man1m/execsnoop.1m b/Man/man1m/execsnoop.1m
new file mode 100644
index 000000000000..a7114cec58d0
--- /dev/null
+++ b/Man/man1m/execsnoop.1m
@@ -0,0 +1,108 @@
+.TH execsnoop 1m "$Date:: 2007-08-05 #$" "USER COMMANDS"
+.SH NAME
+execsnoop \- snoop new process execution. Uses DTrace.
+.SH SYNOPSIS
+.B execsnoop
+[\-a|\-A|\-ejhsvZ] [\-c command]
+.SH DESCRIPTION
+execsnoop prints details of new processes as they are executed.
+Details such as UID, PID and argument listing are printed out.
+
+This program is very useful to examine short lived processes that would
+not normally appear in a prstat or "ps -ef" listing. Sometimes
+applications will run hundreds of short lived processes in their
+normal startup cycle, a behaviour that is easily monitored with execsnoop.
+
+Since this uses DTrace, only the root user or users with the
+dtrace_kernel privilege can run this command.
+.SH OS
+Solaris
+.SH STABILITY
+stable - needs the syscall provider.
+.SH OPTIONS
+.TP
+\-a
+print all data
+.TP
+\-A
+dump all data, space delimited
+.TP
+\-e
+safe output, parseable. This prevents the ARGS field containing "\\n"s,
+to assist postprocessing.
+.TP
+\-j
+print project ID
+.TP
+\-s
+print start time, us
+.TP
+\-v
+print start time, string
+.TP
+\-Z
+print zonename
+.TP
+\-c command
+command name to snoop
+.SH EXAMPLES
+.TP
+Default output, print processes as they are executed,
+#
+.B execsnoop
+.TP
+Print human readable timestamps,
+#
+.B execsnoop
+\-v
+.TP
+Print zonename,
+#
+.B execsnoop
+\-Z
+.TP
+Snoop this command only,
+#
+.B execsnoop
+\-f ls
+.PP
+.SH FIELDS
+.TP
+UID
+User ID
+.TP
+PID
+Process ID
+.TP
+PPID
+Parent Process ID
+.TP
+COMM
+command name for the process
+.TP
+ARGS
+argument listing for the process
+.TP
+ZONE
+zonename
+.TP
+PROJ
+project ID
+.TP
+TIME
+timestamp for the exec event, us
+.TP
+STRTIME
+timestamp for the exec event, string
+.SH DOCUMENTATION
+See the DTraceToolkit for further documentation under the
+Docs directory. The DTraceToolkit docs may include full worked
+examples with verbose descriptions explaining the output.
+.SH EXIT
+execsnoop will run forever until Ctrl\-C is hit.
+.SH AUTHOR
+Brendan Gregg
+[Sydney, Australia]
+.SH SEE ALSO
+dtrace(1M), truss(1)
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-26 14:14:20 +0000