AUTRACE:(8) System Administration Utilities AUTRACE:(8)NAME
autrace - a program similar to strace
SYNOPSIS
autrace program [-r] [program-args]...
DESCRIPTION
autrace is a program that will add the audit rules to trace a process similar to strace. It will then execute the program passing arguments
to it. The resulting audit information will be in the audit logs if the audit daemon is running or syslog. This command deletes all audit
rules prior to executing the target program and after executing it. As a safety precaution, it will not run unless all rules are deleted
with auditctl prior to use.
OPTIONS -r Limit syscalls collected to ones needed for analyzing resource usage. This could help people doing threat modeling. This saves space
in logs.
EXAMPLES
The following illustrates a typical session:
autrace /bin/ls /tmp
ausearch --start recent -p 2442 -i
and for resource usage mode:
autrace -r /bin/ls
ausearch --start recent -p 2450 --raw | aureport --file --summary
ausearch --start recent -p 2450 --raw | aureport --host --summary
SEE ALSO ausearch(8), auditctl(8).
AUTHOR
Steve Grubb
Red Hat Jan 2007 AUTRACE:(8)
Check Out this Related Man Page
AUTRACE:(8) System Administration Utilities AUTRACE:(8)NAME
autrace - a program similar to strace
SYNOPSIS
autrace program [-r] [program-args]...
DESCRIPTION
autrace is a program that will add the audit rules to trace a process similar to strace. It will then execute the program passing arguments
to it. The resulting audit information will be in the audit logs if the audit daemon is running or syslog. This command deletes all audit
rules prior to executing the target program and after executing it. As a safety precaution, it will not run unless all rules are deleted
with auditctl prior to use.
OPTIONS -r Limit syscalls collected to ones needed for analyzing resource usage. This could help people doing threat modeling. This saves space
in logs.
EXAMPLES
The following illustrates a typical session:
autrace /bin/ls /tmp
ausearch --start recent -p 2442 -i
and for resource usage mode:
autrace -r /bin/ls
ausearch --start recent -p 2450 --raw | aureport --file --summary
ausearch --start recent -p 2450 --raw | aureport --host --summary
SEE ALSO ausearch(8), auditctl(8).
AUTHOR
Steve Grubb
Red Hat Jan 2007 AUTRACE:(8)
I shall give a brief explanation of the scenario - I have to send audit trail to the management, whenever a particular id logs in, and logs out. The management should be able to see what that particular id did, when the id was logged on. I have auditing enabled in my server, however, it is in the... (1 Reply)
Hi people,
Please some help over here.
I have logs in a directory, in which I need to get the most recent file in order to put it within other command.
The format of the files are
loadfiles20090308094339_41
loadfiles20090308094418_42
loadfiles20090308095457_43... (4 Replies)
Hi,
I already have one CPP program which invokes the C program.And the C program contains whole function definitions..!This is a working program..I have to enable the logs in both CPP as well as in the C program ..!So I am reading the enviornmental variable log path from the CPP and doing the... (2 Replies)
Hello everyone,
I'm trying to control the access in my server. I did an application that can read audit logs and sys logs with the purpose to send me a report by email with important information about the user. It's a SH file. My problem is start the program when someone makes a ssh connection.... (4 Replies)
maybe we can start a thread to keep a record of administration changes made by yourself or other people but later blew into a huge incident affecting many users.
I'll start first. Recently due to security requirements we decided to disallow ftp usage to all users on all our servers by updating... (2 Replies)
Hi,
does anyone know the equivalent command of the following in AIX :
$ strace -tp 15033
Process 15033 attached - interrupt to quit
11:28:06 gettimeofday({1257766086, 104118}, NULL) = 0
11:28:06 getrusage(RUSAGE_SELF, {ru_utime={2270, 615813}, ru_stime={0, 634903}, ...}) = 0
Thank you (6 Replies)
Hi all
I am trying to add secure and audit logs to logrotate for a client whom wants the logs for a period of 6 months, compressed/zipped weekly for auditing.
I am terrible with logrotate and since there isn't default settings for both logs, I created two new entries in my /etc/logrotate.d/... (7 Replies)
Red Hat Enterprise 4.5 (32 bit)
In strace we see "unexpected reloc type 0x38" What does that code 0x38 mean?
mprotect(0x59a000, 42229760, PROT_READ|PROT_WRITE) = 0
writev(2, unexpected reloc type 0x38", 26}, {"", 0}, {"", 0}, {"\n", 1}], 1
0) = 113
exit_group(127) ... (6 Replies)
Hello all ,
i need some help asap
i have a program that keeps killing the machine
when i did google searches and 2 days later i ran strace
it seems the programm keeps making a system call to gettimeofday
to i guess increment a counter ?
gettimeofday({1347986584, 464904}, NULL) = 0... (6 Replies)
Hi All,
Good day, need some help on strace result. We're encountering oracle Database server connection slowness (using sqlplus login to db server, there have 1 or 2 secs delay) we had generated strace and provide to oracle to investigate, and they told us it look like OS problem (Our OS is Red... (4 Replies)
I need to run and monitor applications on Android Emulator. I am using the strace utility to monitor system calls. Everytime to start strace i need to manually start the application , get the process Id of the application and then give it to strace to start logging all the system calls.
So is... (20 Replies)
I want to run the strace -p xxxx -o in a script to monitor a process that hangs sometimes and requires a restart, my question is if strace is constantly running in the background will it chew up system resources and cause the system slowness? (3 Replies)
Dear all experts in this forum,
I have faced a audit issue as auditor told that we should not have SUID on /bin/su. As I have checked using Google, I found most of the site only telling that /bin/su should have the permission bit as -rwsr-xr-x but never explain why /bin/su need this permission... (4 Replies)
Hello
Helping a friend who had an accounting program called multisoft, hasn't used it for 4 years. I believe it was installed on a Unix box. He has a tax audit and needed to switch on the pc / server to access the data but the hard drive was beeping... totally dead.
He said he had a... (3 Replies)