LinuxQuestions.org - tracing 'create' system call called by any process to kernel

- Linux - General (https://www.linuxquestions.org/questions/linux-general-1/)

- - tracing 'create' system call called by any process to kernel (https://www.linuxquestions.org/questions/linux-general-1/tracing-create-system-call-called-by-any-process-to-kernel-530736/)

viv_nan

02-20-2007 10:47 AM

tracing 'create' system call called by any process to kernel

guys,

i need to know when create system call is called by any process in my system.. how am i to do it..? strace works only for a single process.. is there anythin similar to dtrace in solaris or how should i solve it..

unSpawn

02-20-2007 02:43 PM

Hello and welcome to LQ, hope you like it here.

There's nothing that we can call a true equivalent of Dtrace AFAIK, but the Linux Trace Toolkit (LTT, 2.6 kernels) or SysCallTrack (SCT, 2.4 series) could help. For example in SCT you would just define a rule like:

Code:

rule

{

        syscall_name = create_module

        rule_name = root_create_module_rule

        filter_expression {UID==0}

        action { type = LOG }

}

viv_nan

03-07-2007 09:51 AM

thanks ... i am using systemtap..

jlliagre

03-07-2007 12:09 PM

If you install Solaris Express and Linux on a lx branded zone, you actually can run dtrace on the global zone an see with the lx-syscall provider what Linux system calls are used.

See http://blogs.sun.com/ahl/entry/dtrace_for_linux and http://docs.sun.com/app/docs/doc/819...4o5mdke?a=view for details.

All times are GMT -5. The time now is 06:25 AM.