bashreadline(8)             System Manager's Manual            bashreadline(8)

NAME

       bashreadline  -  Print  entered  bash  commands system wide. Uses Linux
       eBPF/bcc.

SYNOPSIS

       bashreadline

DESCRIPTION

       bashreadline  traces  the  return  of  the  readline()  function  using
       uprobes,  to  show  the  bash commands that were entered interactively,
       system wide. The entered command may fail: this is  just  showing  what
       was entered.

       This program is also a basic example of eBPF/bcc and uprobes.

       This  makes  use  of a Linux 4.5 feature (bpf_perf_event_output()); for
       kernels older than 4.5, see the version under tools/old, which uses  an
       older mechanism.

       Since this uses BPF, only the root user can use this tool.

REQUIREMENTS

       CONFIG_BPF and bcc.

EXAMPLES

       Trace bash commands system wide:
              # bashreadline

FIELDS

       TIME   Time of the command (HH:MM:SS).

       PID    Process ID of the bash shell.

       COMMAND
              Entered command.
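
       The FIELDS layout above, parsed into timestamped JSON records for log
       shipping. This is an added example, not part of bcc or this man page;
       the sample lines, SAMPLE_START and the function names are constructed,
       and the input is assumed to be whitespace-separated TIME, PID, COMMAND.

```python
import json
from datetime import date, datetime, timedelta

# Constructed sample in the TIME / PID / COMMAND layout from FIELDS (not real output).
SAMPLE = """\
TIME      PID    COMMAND
23:59:58  4211   ls -l
23:59:59  4211   grep  -r  TODO src
00:00:03  5090   date
"""
SAMPLE_START = date(2016, 1, 28)  # constructed: day on which the capture began


def parse_bashreadline(text, start_day):
    """Yield one dict per traced command.

    TIME carries no date, so start_day (supplied by the caller) is advanced
    by one day whenever the clock goes backwards. Assumes lines arrive in
    the order they were printed.
    """
    day, last = start_day, None
    for raw in text.splitlines():
        parts = raw.split(None, 2)      # COMMAND keeps its inner spacing
        if len(parts) < 2 or not parts[1].isdigit():
            continue                    # header, blank or truncated line
        try:
            clock = datetime.strptime(parts[0], "%H:%M:%S").time()
        except ValueError:
            continue                    # first column is not HH:MM:SS
        if last is not None and clock < last:
            day += timedelta(days=1)    # midnight rollover
        last = clock
        yield {
            "ts": datetime.combine(day, clock).isoformat(),
            "pid": int(parts[1]),
            # An empty entered line leaves no third column.
            "command": parts[2].rstrip() if len(parts) == 3 else "",
        }


def to_jsonl(text, start_day):
    """Render the parsed records as JSON Lines, one command per line."""
    return "\n".join(json.dumps(r) for r in parse_bashreadline(text, start_day))


if __name__ == "__main__":
    print(to_jsonl(SAMPLE, SAMPLE_START))
```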

OVERHEAD

       As  the  rate  of  interactive bash commands is expected to be very low
       (<<100/s), the overhead of this program is expected to be negligible.

SOURCE

       This is from bcc.

              https://github.com/iovisor/bcc

       Also look in the bcc distribution for a  companion  _examples.txt  file
       containing example usage, output, and commentary for this tool.

OS

       Linux

STABILITY

       Unstable - in development.

AUTHOR

       Brendan Gregg

SEE ALSO

       opensnoop(8)

USER COMMANDS                     2016-01-28                   bashreadline(8)