Date: Mon, 17 May 2010 15:19:49 -0400 From: jhell <jhell@dataix.net> To: Dan McNulty <dkmcnulty@gmail.com> Cc: freebsd-hackers@freebsd.org Subject: Re: Efficient way to determine when a child process forks or calls exec Message-ID: <4BF196D5.5030901@dataix.net> In-Reply-To: <AANLkTinO0hqywG7sCWJYXTsayOtad2qnP1SPDn6NzCYm@mail.gmail.com> References: <AANLkTinO0hqywG7sCWJYXTsayOtad2qnP1SPDn6NzCYm@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. --------------080707030207080005040309 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit On 05/17/2010 10:33, Dan McNulty wrote: > Hi all, > > I have been experimenting with ptrace to determine when a child > process forks or calls exec. Particularly, I have explored tracing > every system call entry and exit similar to what the truss utility > does, and for my case, the performance impact of tracing every system > call is too great. > > Is there a more efficient way than tracing every system call entry and > exit to determine when a child process forks, calls exec, or creates a > new LWP? > > Thanks a lot for your help! > -Dan Not sure if this is exactly what your looking for but have you looked into possibly using the audit system for tracking these things ? In its own way its really efficient and the utilities that are provided (auditreduce) you might just find a easier way to get the information your looking for. Regards, -- jhell --------------080707030207080005040309--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4BF196D5.5030901>