From owner-freebsd-questions@FreeBSD.ORG  Fri Apr  8 14:41:53 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7ACA616A4CE
	for <questions@freebsd.org>; Fri,  8 Apr 2005 14:41:53 +0000 (GMT)
Received: from post-24.mail.nl.demon.net (post-24.mail.nl.demon.net
	[194.159.73.194])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3186E43D1F
	for <questions@freebsd.org>; Fri,  8 Apr 2005 14:41:53 +0000 (GMT)
	(envelope-from albi@scii.nl)
Received: from aseed.demon.nl ([83.160.138.119]:10012
	helo=mail.aseed.antenna.nl)
	by post-24.mail.nl.demon.net with esmtp (Exim 4.43)
	id 1DJugC-0009Rn-Eo; Fri, 08 Apr 2005 14:41:52 +0000
Received: from http.aseed.antenna.nl (unknown [192.168.0.50])
	by mail.aseed.antenna.nl (Postfix) with ESMTP id 03C7B154924;
	Fri,  8 Apr 2005 16:43:21 +0200 (CEST)
Received: from localhost.localdomain (f80052.upc-f.chello.nl [80.56.80.52])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by http.aseed.antenna.nl (Postfix) with ESMTP id F081058CB6B;
	Fri,  8 Apr 2005 16:41:51 +0200 (CEST)
Date: Fri, 8 Apr 2005 16:41:54 +0200
From: "albi@scii.nl" <albi@scii.nl>
To: Richard Morse <remorse@partners.org>
Message-Id: <20050408164154.48d9ef51.albi@scii.nl>
In-Reply-To: <0C6023A0-A83B-11D9-B765-000A956EB07E@partners.org>
References: <0C6023A0-A83B-11D9-B765-000A956EB07E@partners.org>
X-Mailer: Sylpheed version 1.0.4 (GTK+ 1.2.10; i386-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
cc: questions@freebsd.org
Subject: Re: Any way to log all process launches?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Apr 2005 14:41:53 -0000

On Fri, 8 Apr 2005 10:32:34 -0400
Richard Morse <remorse@partners.org> wrote:

> Hi!  I'm trying to track down an odd problem, for which it would be 
> very useful to be able to have the computer keep track of every
> process  that gets created -- ie, keep a list of every fork / exec
> that occurs.   Is this possible?

take a look at the manpages of accton, sa, and perhaps also lsof

see also here :
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/security-accounting.html