|
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | SEE ALSO | AUTHOR | COLOPHON |
AUTRACE:(8) System Administration Utilities AUTRACE:(8)
autrace - a program similar to strace
autrace program [-r] [program-args]...
autrace is a program that will add the audit rules to trace a process
similar to strace. It will then execute the program passing arguments
to it. The resulting audit information will be in the audit logs if
the audit daemon is running or syslog. This command deletes all audit
rules prior to executing the target program and after executing it.
As a safety precaution, it will not run unless all rules are deleted
with auditctl prior to use.
-r Limit syscalls collected to ones needed for analyzing resource
usage. This could help people doing threat modeling. This
saves space in logs.
The following illustrates a typical session:
autrace /bin/ls /tmp
ausearch --start recent -p 2442 -i
and for resource usage mode:
autrace -r /bin/ls
ausearch --start recent -p 2450 --raw | aureport --file --summary
ausearch --start recent -p 2450 --raw | aureport --host --summary
ausearch(8), auditctl(8).
Steve Grubb
This page is part of the audit (Linux Audit) project. Information
about the project can be found at
⟨http://people.redhat.com/sgrubb/audit/⟩. If you have a bug report
for this manual page, send it to linux-audit@redhat.com. This page
was obtained from the project's upstream Git repository
⟨https://github.com/linux-audit/audit-userspace.git⟩ on 2017-07-05.
If you discover any rendering problems in this HTML version of the
page, or you believe there is a better or more up-to-date source for
the page, or you have corrections or improvements to the information
in this COLOPHON (which is not part of the original manual page),
send a mail to man-pages@man7.org
Red Hat Jan 2007 AUTRACE:(8)