autrace(8) — Linux manual page


AUTRACE:(8)            System Administration Utilities           AUTRACE:(8)

NAME         top

       autrace - a program similar to strace

SYNOPSIS         top

       autrace program [-r] [program-args]...

DESCRIPTION         top

       autrace is a program that will add the audit rules to trace a process
       similar to strace. It will then execute the program passing arguments
       to it. The resulting audit information will be in the audit logs if
       the audit daemon is running or syslog. This command deletes all audit
       rules prior to executing the target program and after executing it.
       As a safety precaution, it will not run unless all rules are deleted
       with auditctl prior to use.

OPTIONS         top

       -r     Limit syscalls collected to ones needed for analyzing resource
              usage. This could help people doing threat modeling. This
              saves space in logs.

EXAMPLES         top

       The following illustrates a typical session:

       autrace /bin/ls /tmp
       ausearch --start recent -p 2442 -i

       and for resource usage mode:

       autrace -r /bin/ls
       ausearch --start recent -p 2450 --raw | aureport --file --summary
       ausearch --start recent -p 2450 --raw | aureport --host --summary

SEE ALSO         top

       ausearch(8), auditctl(8).

AUTHOR         top

       Steve Grubb

COLOPHON         top

       This page is part of the audit (Linux Audit) project.  Information
       about the project can be found at 
       ⟨⟩.  If you have a bug report
       for this manual page, send it to  This page
       was obtained from the project's upstream Git repository
       ⟨⟩ on 2020-07-14.
       (At that time, the date of the most recent commit that was found in
       the repository was 2020-07-13.)  If you discover any rendering prob‐
       lems in this HTML version of the page, or you believe there is a bet‐
       ter or more up-to-date source for the page, or you have corrections
       or improvements to the information in this COLOPHON (which is not
       part of the original manual page), send a mail to

Red Hat                           Jan 2007                       AUTRACE:(8)

Pages that refer to this page: seccomp(2)