bcc-bashreadline(8)

1bashreadline(8)             System Manager's Manual            bashreadline(8)
2
3
4

NAME

6       bashreadline  -  Print  entered  bash  commands system wide. Uses Linux
7       eBPF/bcc.
8

SYNOPSIS

10       bashreadline [-h] [-s SHARED]
11

DESCRIPTION

13       bashreadline  traces  the  return  of  the  readline()  function  using
14       uprobes,  to  show  the  bash commands that were entered interactively,
15       system wide. The entered command may fail: this is  just  showing  what
16       was entered.
17
18       This program is also a basic example of eBPF/bcc and uprobes.
19
20       This  makes  use  of a Linux 4.4 feature (bpf_perf_event_output()); for
21       kernels older than 4.4, see the version under tools/old, which uses  an
22       older mechanism
23
24       Since this uses BPF, only the root user can use this tool.
25

REQUIREMENTS

27       CONFIG_BPF and bcc.
28

OPTIONS

30       -h     Print usage message.
31
32       -s     Specify  the  location of libreadline.so shared library when you
33              failed to run the script directly with error: "Exception:  could
34              not  determine  address  of symbol ´readline´". Default value is
35              /lib/libreadline.so.
36

EXAMPLES

38       Trace bash commands system wide:
39              # bashreadline
40

FIELDS

42       TIME   Time of the command (HH:MM:SS).
43
44       PID    Process ID of the bash shell.
45
46       COMMAND
47              Entered command.
48

OVERHEAD

50       As the rate of interactive bash commands is expected  to  be  very  low
51       (<<100/s), the overhead of this program is expected to be negligible.
52

SOURCE

54       This is from bcc.
55
56              https://github.com/iovisor/bcc
57
58       Also  look  in  the bcc distribution for a companion _examples.txt file
59       containing example usage, output, and commentary for this tool.
60

OS

62       Linux
63

STABILITY

65       Unstable - in development.
66

AUTHOR

68       Brendan Gregg
69