Y
Hacker News
new
|
ask
|
show
|
jobs
by
xuhu
298 days ago
This can trace all processes on the host while strace traces one PID and its descendants. And bpf tracing does not stop processes at each syscall, so they run without slowdowns.
1 comments
notepad0x90
298 days ago
I think auditd can trace all syscalls system wide and let you filter as well. But it is a daemon whereas this is a tool you can run and interact with.
link