Re: ANN: syscalltrack 0.80 "Tanned Otter" released

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Muli Ben-Yehuda <mulix@actcom.co.il>
To: Pavel Machek <pavel@ucw.cz>
Cc: Linux-Kernel <linux-kernel@vger.kernel.org>
Subject: Re: ANN: syscalltrack 0.80 "Tanned Otter" released
Date: Tue, 26 Nov 2002 23:03:15 +0200	[thread overview]
Message-ID: <20021126210314.GZ6536@alhambra> (raw)
In-Reply-To: <20021126181947.GB1376@zaurus>

On Tue, Nov 26, 2002 at 07:19:47PM +0100, Pavel Machek wrote:
> Hi!
> 
> > criteria. syscalltrack can operate either in "tweezers mode", where
> > only very specific operations are tracked, such as "only track and log
> > attempts to delete /etc/passwd", or in strace(1) compatible mode,
> > where all of the supported system calls are traced. syscalltrack can
> > do things that are impossible to do with the ptrace mechanism, because
> > its core operates in kernel space. 
> 
> What stuff can you do that ptrace can't?

Everything that stems from being 1) kernel based and 2) system
wide. ptrace is inherently process based - "show me what this process
did". syscalltrack is system wide - "show me *which* process did this
or that."[1]

syscalltrack also has better filtering than strace, and supports
actions - fail the system call if it passed that filter, suspend the
process if it passed that filter, etc. 

Basically, there are things which strace is good for, and there are
things subterfuge is good for, and there are things syscalltrack is
good for. Use the right tool for the job. You can see more about
syscalltrack's capabilities on the website. 

[1] You can probably emulate syscalltrack's system wide behaviour by
ptracing init and all of its forked children, but your system will
slow to a crawl. With syscalltrack, you'll barely feel anything. 
-- 
Muli Ben-Yehuda				    http://www.mulix.org/
mulix@mulix.org:~$ sctrace strace /bin/foo  http://syscalltrack.sf.net/
Quis custodes ipsos custodiet?

next prev parent reply	other threads:[~2002-11-26 20:50 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-11-23 20:10 ANN: syscalltrack 0.80 "Tanned Otter" released Muli Ben-Yehuda
2002-11-26 18:19 ` Pavel Machek
2002-11-26 21:03   ` Muli Ben-Yehuda [this message]
2002-11-27 13:29     ` Pavel Machek

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20021126210314.GZ6536@alhambra \
    --to=mulix@actcom.co.il \
    --cc=linux-kernel@vger.kernel.org \
    --cc=pavel@ucw.cz \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.