strace of all the process running in the system

Loris Degioanni loris at draios.com
Thu Apr 3 17:23:37 UTC 2014


Interestingly, today my team is releasing an open source tool called 
sysdig, which is designed to solve exactly this problem (among several 
others).

http://www.sysdig.org/
https://github.com/draios/sysdig

Sysdig's approach is based on capturing the activity of every process in 
the system and then applying wireshark-like filters to reduce that 
information. It's like a mix between strace, tcpdump and lsof. It also 
has a couple of cool features, like the ability to save information into 
trace files and a library of Lua scripts.

I'd love to hear what you guys think. And if you like sysdig we could 
really use your help to spread the word!


On 3/30/2014 11:44 PM, Philippe Ombredanne wrote:
> On Fri, Mar 28, 2014 at 3:18 PM, Volcan Renewed <volcan9000 at gmail.com> wrote:
>> My name is Parashara
>> I would like to know is there any way that we can find the strace of all the
>> processes running in the system
>>
>> Using the strace -p option as shown below we can display the strace for a
>> given process id
>>
>> Example
>>
>> sudo strace -p 1542
>>
>>
>> Using the ps command we can display all the processes running in the
>> system
>>
>> ps -ef
>>
>> How to find the strace of all the processes running in the system?
>>
>> Can you just guide me in right direction?
> Hi Parashara!
>
> I am not sure why you would want to do that, yet you could effectively
> as you suggested collect all PIDs and then trace them all, possibly
> with -ff to trace their children and log it all to files.
> Since you can attach to up to 32 processes per strace launch (using -p
> multiple times) and a typical running Linux distro has about ~100 to
> 200 processes running, so that sounds possible to achieve with about
> eight "tracers" each running strace with multiple -p.
> Make sure you do not trace strace itself though... and you might
> want to exclude also your user process that spawns the strace runs.
> Your system might slow down quite a bit if everything is traced ...
> but if you think that tracing them all is what you need, your approach
> might work.
>
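
The batching approach described in the quoted reply, as an added example that is not part of the original thread. The function name `build_strace_cmds` and the `trace.N` output prefix are assumptions made for illustration; the function only prints the strace command lines for review and does not run them.

```shell
#!/usr/bin/env bash
# Added example: plan batched strace attachments (up to 32 -p per tracer).
# build_strace_cmds and the trace.N output prefix are hypothetical names.

MAX_PER_TRACER=32   # limit quoted in the reply: 32 -p options per strace launch

# Reads PIDs (one per line) on stdin; arguments are PIDs to exclude,
# e.g. the calling shell and any strace processes already running.
# Prints one strace command line per batch of at most MAX_PER_TRACER PIDs.
build_strace_cmds() {
    local exclude=" $* " pid count=0 batch=0 args=""
    while read -r pid; do
        # Skip headers, blank lines and anything that is not a plain number.
        case "$pid" in ''|*[!0-9]*) continue ;; esac
        # Skip PIDs the caller asked to leave untraced.
        case "$exclude" in *" $pid "*) continue ;; esac
        args="$args -p $pid"
        count=$((count + 1))
        if [ "$count" -eq "$MAX_PER_TRACER" ]; then
            # -ff with -o writes one output file per traced process.
            echo "strace -ff -o trace.$batch$args"
            batch=$((batch + 1)); count=0; args=""
        fi
    done
    # Emit the final, partially filled batch if there is one.
    [ "$count" -gt 0 ] && echo "strace -ff -o trace.$batch$args"
    return 0
}

# Usage (prints the plan; each printed line is one tracer to start as root):
#   ps -e -o pid= | build_strace_cmds $$ $(pgrep -x strace)
```

Each tracer started after the plan was generated has its own PID, so regenerating the plan while tracers are running needs the `pgrep -x strace` exclusion shown in the usage comment.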

More information about the Strace-devel mailing list