If it were me, I probably would have ran it under strace and piped the output to a file. It probably would have worked, but it’s not as precise as this way.
shellsnoop and opensnoop look like extremely useful tools that I’ve never heard of. I have resorted to a custom .so and LD_PRELOAD trickery to get that info in the past.
The things you can do with eBPF are pretty crazy. There’s a pretty steep learning curve to access the full power, and I hope a set of higher-level tools that solve for common cases will evolve and reach critical mass so it’s the first thing you reach for. On the other hand, I still type ifconfig instead of ip addr, so…
Those are neat tools to know about.
If it were me, I probably would have ran it under strace and piped the output to a file. It probably would have worked, but it’s not as precise as this way.
shellsnoopandopensnooplook like extremely useful tools that I’ve never heard of. I have resorted to a custom.soandLD_PRELOADtrickery to get that info in the past.The things you can do with eBPF are pretty crazy. There’s a pretty steep learning curve to access the full power, and I hope a set of higher-level tools that solve for common cases will evolve and reach critical mass so it’s the first thing you reach for. On the other hand, I still type
ifconfiginstead ofip addr, so…