Man page - bashreadline-bpfcc(8)
Packages contas this manual
- tcpcong-bpfcc(8)
- bindsnoop-bpfcc(8)
- runqlen-bpfcc(8)
- cachestat-bpfcc(8)
- mdflush-bpfcc(8)
- ucalls(8)
- tcprtt-bpfcc(8)
- ksnoop-bpfcc(8)
- javaflow-bpfcc(8)
- phpstat-bpfcc(8)
- wqlat-bpfcc(8)
- vfscount-bpfcc(8)
- funclatency-bpfcc(8)
- rubystat-bpfcc(8)
- nodegc-bpfcc(8)
- btrfsdist-bpfcc(8)
- swapin-bpfcc(8)
- wakeuptime-bpfcc(8)
- btrfsslower-bpfcc(8)
- pythongc-bpfcc(8)
- tcplife-bpfcc(8)
- cpudist-bpfcc(8)
- trace-bpfcc(8)
- capable-bpfcc(8)
- rubyobjnew-bpfcc(8)
- nodestat-bpfcc(8)
- rubyflow-bpfcc(8)
- offcputime-bpfcc(8)
- gethostlatency-bpfcc(8)
- tcpretrans-bpfcc(8)
- zfsdist-bpfcc(8)
- dbstat-bpfcc(8)
- tcpconnect-bpfcc(8)
- cobjnew-bpfcc(8)
- criticalstat-bpfcc(8)
- deadlock-bpfcc(8)
- dirtop-bpfcc(8)
- biosnoop-bpfcc(8)
- drsnoop-bpfcc(8)
- ext4dist-bpfcc(8)
- biolatency-bpfcc(8)
- argdist-bpfcc(8)
- funccount-bpfcc(8)
- pythonstat-bpfcc(8)
- klockstat-bpfcc(8)
- execsnoop-bpfcc(8)
- mountsnoop-bpfcc(8)
- tclobjnew-bpfcc(8)
- virtiostat-bpfcc(8)
- javastat-bpfcc(8)
- threadsnoop-bpfcc(8)
- profile-bpfcc(8)
- bpflist-bpfcc(8)
- statsnoop-bpfcc(8)
- inject-bpfcc(8)
- stackcount-bpfcc(8)
- pythonflow-bpfcc(8)
- perlstat-bpfcc(8)
- spfdsnoop-bpfcc(8)
- rubycalls-bpfcc(8)
- opensnoop-bpfcc(8)
- pidpersec-bpfcc(8)
- tcpstates-bpfcc(8)
- filegone-bpfcc(8)
- kvmexit-bpfcc(8)
- javathreads-bpfcc(8)
- phpflow-bpfcc(8)
- nfsdist-bpfcc(8)
- oomkill-bpfcc(8)
- tclflow-bpfcc(8)
- dcstat-bpfcc(8)
- rubygc-bpfcc(8)
- runqslower-bpfcc(8)
- rdmaucma-bpfcc(8)
- reset-trace-bpfcc(8)
- dbslower-bpfcc(8)
- ustat(8)
- shmsnoop-bpfcc(8)
- vfsstat-bpfcc(8)
- biopattern-bpfcc(8)
- llcstat-bpfcc(8)
- netqtop-bpfcc(8)
- javagc-bpfcc(8)
- syscount-bpfcc(8)
- cthreads-bpfcc(8)
- filelife-bpfcc(8)
- biolatpcts-bpfcc(8)
- bitesize-bpfcc(8)
- javaobjnew-bpfcc(8)
- ttysnoop-bpfcc(8)
- slabratetop-bpfcc(8)
- tcpsubnet-bpfcc(8)
- zfsslower-bpfcc(8)
- xfsdist-bpfcc(8)
- dcsnoop-bpfcc(8)
- tcpaccept-bpfcc(8)
- syncsnoop-bpfcc(8)
- tcptracer-bpfcc(8)
- tclstat-bpfcc(8)
- cpuunclaimed-bpfcc(8)
- mysqld_qslower-bpfcc(8)
- filetop-bpfcc(8)
- funcinterval-bpfcc(8)
- tcpconnlat-bpfcc(8)
- uobjnew(8)
- uthreads(8)
- runqlat-bpfcc(8)
- sofdsnoop-bpfcc(8)
- readahead-bpfcc(8)
- memleak-bpfcc(8)
- tcpsynbl-bpfcc(8)
- biotop-bpfcc(8)
- fileslower-bpfcc(8)
- uflow(8)
- tcpdrop-bpfcc(8)
- phpcalls-bpfcc(8)
- killsnoop-bpfcc(8)
- cachetop-bpfcc(8)
- ugc(8)
- f2fsslower-bpfcc(8)
- softirqs-bpfcc(8)
- bashreadline-bpfcc(8)
- pythoncalls-bpfcc(8)
- tclcalls-bpfcc(8)
- perlflow-bpfcc(8)
- compactsnoop-bpfcc(8)
- ppchcalls-bpfcc(8)
- tplist-bpfcc(8)
- solisten-bpfcc(8)
- exitsnoop-bpfcc(8)
- funcslower-bpfcc(8)
- sslsniff-bpfcc(8)
- offwaketime-bpfcc(8)
- perlcalls-bpfcc(8)
- nfsslower-bpfcc(8)
- xfsslower-bpfcc(8)
- javacalls-bpfcc(8)
- tcptop-bpfcc(8)
- hardirqs-bpfcc(8)
- ext4slower-bpfcc(8)
apt-get install bpfcc-tools
Manual
| bashreadline(8) | System Manager's Manual | bashreadline(8) |
NAME
bashreadline - Print entered bash commands system wide. Uses Linux eBPF/bcc.
SYNOPSIS
bashreadline [-h] [-s SHARED]
DESCRIPTION
bashreadline traces the return of the readline() function using uprobes, to show the bash commands that were entered interactively, system wide. The entered command may fail: this is just showing what was entered.
This program is also a basic example of eBPF/bcc and uprobes.
This makes use of a Linux 4.4 feature (bpf_perf_event_output()); for kernels older than 4.4, see the version under tools/old, which uses an older mechanism
Since this uses BPF, only the root user can use this tool.
REQUIREMENTS
CONFIG_BPF and bcc.
OPTIONS
EXAMPLES
- Trace bash commands system wide:
- # bashreadline
FIELDS
OVERHEAD
As the rate of interactive bash commands is expected to be very low (<<100/s), the overhead of this program is expected to be negligible.
SOURCE
This is from bcc.
- https://github.com/iovisor/bcc
Also look in the bcc distribution for a companion _examples.txt file containing example usage, output, and commentary for this tool.
OS
Linux
STABILITY
Unstable - in development.
AUTHOR
Brendan Gregg
SEE ALSO
opensnoop(8)
| 2016-01-28 | USER COMMANDS |