LinuxQuestions.org


tinko 04-24-2011 11:25 PM

log all run programs
 
Hello, I want to log all binaries that are run on my system, no matter whether they are manually run, run by a script or run by another binary.

Is this possible?

corp769 04-24-2011 11:35 PM

Hello,

I have come across this - http://superuser.com/questions/88403...when-on-ubuntu

Is that something you are looking for?

Cheers,

Josh

tinko 04-25-2011 12:24 AM

Thanks for answering.
Unfortunately this is only about logging the programs that are manually started. However I am interested in all started programs, no matter by whom.

One idea that came to me was logging the results of ps -A. However, if this is done only in a certain interval I would either miss a lot of small processes or get a damn big load of log-files with very few differences. My bash knowledge is extremely limited; is there a trivial solution to store only the lines of the ps -A output that haven't come up in the log so far? I notice several big "jumps", especially early, in the IDs in my ps -A output. Are those gaps reserved by some programs that could be run later or can I rely on new processes to always show up at the end of the output?
Is there a more elegant solution than using ps -A? The aim is still to log every process started, if it is started often, I want to log it every single time.

Valery Reznic 04-25-2011 11:58 PM

Quote:

Originally Posted by tinko (Post 4335151)
Thanks for answering.
Unfortunately this is only about logging the programs that are manually started. However I am interested in all started programs, no matter by whom.

One idea that came to me was logging the results of ps -A. However, if this is done only in a certain interval I would either miss a lot of small processes or get a damn big load of log-files with very few differences. My bash knowledge is extremely limited; is there a trivial solution to store only the lines of the ps -A output that haven't come up in the log so far? I notice several big "jumps", especially early, in the IDs in my ps -A output. Are those gaps reserved by some programs that could be run later or can I rely on new processes to always show up at the end of the output?
Is there a more elegant solution than using ps -A? The aim is still to log every process started, if it is started often, I want to log it every single time.

You can write your own library that has an execve function with logging, and then put the name of this library into the /etc/ld.preload file.
This way (almost) any program will be executed with your execve instead of the system one.

Be sure to test your library well (with LD_PRELOAD) before adding it to /etc/ld.preload.
Once your library name is there you will have a difficult time getting rid of it if your library is buggy.

But why do you want such a thing in the first place?
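
A sketch of the preload library described in the post above, as an added example that is not code from the thread. The log path and the helper name `format_exec_record` are assumptions of this example, and it hands over to the kernel with the raw `execve` system call instead of looking up the libc symbol.

```c
/* execlog.c: added example, an LD_PRELOAD shim that logs each execve() call.
 * Build: gcc -shared -fPIC -o libexeclog.so execlog.c
 * Test:  LD_PRELOAD=$PWD/libexeclog.so sh -c 'ls /' */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed path: pre-create it, append-only, writable by the users to be logged. */
#define EXECLOG_PATH "/var/log/execlog.log"

/* Build one record: "pid=<pid> uid=<uid> exe=<path> argv=[a][b]...\n".
 * Truncates to fit, always ends in "\n\0"; returns the length without the NUL. */
size_t format_exec_record(char *buf, size_t len, long pid, long uid,
                          const char *path, char *const argv[])
{
    if (len < 3) return 0;
    size_t cap = len - 2;                        /* keep room for "\n\0" */
    int n = snprintf(buf, cap + 1, "pid=%ld uid=%ld exe=%s argv=",
                     pid, uid, path ? path : "(null)");
    size_t used = (n < 0) ? 0 : ((size_t)n > cap ? cap : (size_t)n);
    for (size_t i = 0; argv && argv[i] && used < cap; i++) {
        n = snprintf(buf + used, cap + 1 - used, "[%s]", argv[i]);
        if (n < 0) break;
        used = (used + (size_t)n > cap) ? cap : used + (size_t)n;
    }
    for (size_t i = 0; i < used; i++)            /* argv is untrusted: no forged lines */
        if ((unsigned char)buf[i] < 0x20 || buf[i] == 0x7f) buf[i] = '?';
    buf[used++] = '\n';
    buf[used] = '\0';
    return used;
}

/* Interposed execve(): append one record, then pass the call to the kernel. */
int execve(const char *path, char *const argv[], char *const envp[])
{
    char rec[1024];
    size_t n = format_exec_record(rec, sizeof rec, (long)getpid(),
                                  (long)getuid(), path, argv);
    int fd = open(EXECLOG_PATH, O_WRONLY | O_APPEND | O_CLOEXEC | O_NOFOLLOW);
    if (fd >= 0) {
        if (write(fd, rec, n) < 0) { /* a logging failure must never block the exec */ }
        close(fd);
    }
    return (int)syscall(SYS_execve, path, argv, envp);
}
```

Part of the "(almost)" in the post: glibc's `execvp()`, `system()` and `posix_spawn()` reach the kernel without passing through the interposed symbol, and statically linked binaries never load the library at all. The system-wide list that glibc's loader reads is `/etc/ld.so.preload`.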


All times are GMT -5.