From owner-freebsd-hackers@FreeBSD.ORG Mon May 17 19:19:57 2010 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D5E841065765 for ; Mon, 17 May 2010 19:19:54 +0000 (UTC) (envelope-from jhellenthal@gmail.com) Received: from mail-px0-f182.google.com (mail-px0-f182.google.com [209.85.212.182]) by mx1.freebsd.org (Postfix) with ESMTP id E442E8FC08 for ; Mon, 17 May 2010 19:19:53 +0000 (UTC) Received: by pxi7 with SMTP id 7so1420332pxi.13 for ; Mon, 17 May 2010 12:19:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:sender:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :x-enigmail-version:openpgp:content-type; bh=rIEftJzQBYex6Ar5ULXmpUI3/vAog79d/E6SbpqcaN4=; b=vpziJK8xwdUX7KRmV5TOS3FcMYFqpOv9zWKzIzTcenJJWl9L/PuNZJj2uHpm+d3YGH tPDH4BPxmC3/UPd/PsvqSi6/TlUB1pEDE9lBnkiZhbP6RfTUTkKNQo6Pw7k/wcVXf3Ej Gu76yaEGk/OkixcfroSafEVwzuD68KYlsZH3k= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:x-enigmail-version:openpgp:content-type; b=P+Vl11vN4GEg7e7ifOVbqHPm+isL05ltPTGQ8aGHBLjNzKI6khrQZmmEn2FJ0OAHo4 g9HjbrJs5Brpk6XS9tsy+LDic2LXWZc9vlKh+YsAZKzPn1I7QeXYFcCTjE3KBVaivJpY fUugG/sLOe6gRGuNjqDtC+63ioQwt94owBX+w= Received: by 10.142.119.22 with SMTP id r22mr348077wfc.191.1274123993335; Mon, 17 May 2010 12:19:53 -0700 (PDT) Received: from centel.dataix.local (adsl-99-35-14-184.dsl.klmzmi.sbcglobal.net [99.35.14.184]) by mx.google.com with ESMTPS id y27sm1688300wfi.17.2010.05.17.12.19.50 (version=SSLv3 cipher=RC4-MD5); Mon, 17 May 2010 12:19:51 -0700 (PDT) Sender: "J. Hellenthal" Message-ID: <4BF196D5.5030901@dataix.net> Date: Mon, 17 May 2010 15:19:49 -0400 From: jhell User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.9.1.9) Gecko/20100515 Thunderbird/3.0.4 MIME-Version: 1.0 To: Dan McNulty References: In-Reply-To: X-Enigmail-Version: 1.0.1 OpenPGP: id=89D8547E Content-Type: multipart/mixed; boundary="------------080707030207080005040309" X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-hackers@freebsd.org Subject: Re: Efficient way to determine when a child process forks or calls exec X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 May 2010 19:19:57 -0000 This is a multi-part message in MIME format. --------------080707030207080005040309 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit On 05/17/2010 10:33, Dan McNulty wrote: > Hi all, > > I have been experimenting with ptrace to determine when a child > process forks or calls exec. Particularly, I have explored tracing > every system call entry and exit similar to what the truss utility > does, and for my case, the performance impact of tracing every system > call is too great. > > Is there a more efficient way than tracing every system call entry and > exit to determine when a child process forks, calls exec, or creates a > new LWP? > > Thanks a lot for your help! > -Dan Not sure if this is exactly what your looking for but have you looked into possibly using the audit system for tracking these things ? In its own way its really efficient and the utilities that are provided (auditreduce) you might just find a easier way to get the information your looking for. Regards, -- jhell --------------080707030207080005040309--