Quote:
Originally Posted by offog
The (relatively recent) ftrace interface lets you do whole-system tracing by hooking into Linux kernel functions - more or less the equivalent of what SnoopDOS does. There are some handy scripts for this in perf-tools: opensnoop, execsnoop, killsnoop. I did wonder from the names whether the author was thinking of SnoopDOS when he wrote them...
Don't you need to be logged in as root to use that?
Don't you get flooded by events too?
Does it really work on all systems?