AUTRACE:(8) System Administration Utilities AUTRACE:(8)
autrace - a program similar to strace
autrace program [-r] [program-args]...
autrace is a program that will add the audit rules to trace a process similar to strace. It will then execute the program passing arguments to it. The resulting audit information will be in the audit logs if the audit daemon is running or syslog. This command deletes all audit rules prior to executing the target program and after executing it. As a safety precaution, it will not run unless all rules are deleted with auditctl prior to use.
-r Limit syscalls collected to ones needed for analyzing resource usage. This could help people doing threat modeling. This saves space in logs.
The following illustrates a typical session: autrace /bin/ls /tmp ausearch --start recent -p 2442 -i and for resource usage mode: autrace -r /bin/ls ausearch --start recent -p 2450 --raw | aureport --file --summary ausearch --start recent -p 2450 --raw | aureport --host --summary
This page is part of the audit (Linux Audit) project. Information about the project can be found at ⟨http://people.redhat.com/sgrubb/audit/⟩. If you have a bug report for this manual page, send it to email@example.com. This page was obtained from the project's upstream Git repository ⟨https://github.com/linux-audit/audit-userspace.git⟩ on 2020-07-14. (At that time, the date of the most recent commit that was found in the repository was 2020-07-13.) If you discover any rendering prob‐ lems in this HTML version of the page, or you believe there is a bet‐ ter or more up-to-date source for the page, or you have corrections or improvements to the information in this COLOPHON (which is not part of the original manual page), send a mail to firstname.lastname@example.org Red Hat Jan 2007 AUTRACE:(8)
Pages that refer to this page: seccomp(2)