1bashreadline(8)             System Manager's Manual            bashreadline(8)
2
3
4

NAME

6       bashreadline.bt - Print bash commands system wide. Uses bpftrace/eBPF.
7

SYNOPSIS

9       bashreadline.bt
10

DESCRIPTION

12       bashreadline  traces  the return of the readline() function using uret‐
13       probes, to show the bash commands that were entered interactively, sys‐
14       tem  wide.  The entered command may fail: this is just showing what was
15       entered.
16
17       This program is also a basic example of bpftrace and uretprobes.
18
19       Since this uses BPF, only the root user can use this tool.
20

REQUIREMENTS

22       CONFIG_BPF and bpftrace.
23

EXAMPLES

25       Trace bash commands system wide:
26              # bashreadline.bt
27

FIELDS

29       TIME   A timestamp on the output, in "HH:MM:SS" format.
30
31       PID    The process ID for bash.
32
33       COMMAND
34              Entered command.
35

OVERHEAD

37       As the rate of interactive bash commands is expected  to  be  very  low
38       (<<100/s), the overhead of this program is expected to be negligible.
39

SOURCE

41       This is from bpftrace.
42
43              https://github.com/iovisor/bpftrace
44
45       Also  look  in  the bpftrace distribution for a companion _examples.txt
46       file containing example usage, output, and commentary for this tool.
47
48       This is a bpftrace version of the bcc tool of the same  name.  The  bcc
49       tool may provide more options and customizations.
50
51              https://github.com/iovisor/bcc
52

OS

54       Linux
55

STABILITY

57       Unstable - in development.
58

AUTHOR

60       Brendan Gregg
61

SEE ALSO

63       opensnoop(8)
64
65
66
67USER COMMANDS                     2018-09-06                   bashreadline(8)
Impressum