Brendan Gregg | aa87997 | 2016-01-28 22:43:37 -0800

Demonstrations of bashreadline, the Linux eBPF/bcc version.


This prints bash commands from all running bash shells on the system. For
example:

# ./bashreadline
TIME      PID    COMMAND
05:28:25  21176  ls -l
05:28:28  21176  date
05:28:35  21176  echo hello world
05:28:43  21176  foo this command failed
05:28:45  21176  df -h
05:29:04  3059   echo another shell
05:29:13  21176  echo first shell again

The entered command may fail. This is just showing what command lines were
entered interactively for bash to process.

It works by tracing the return of the readline() function using uprobes
(specifically a uretprobe).
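
The output above interleaves every shell on the system and carries a time of
day but no date. The following is an added example, not part of bashreadline or
bcc: it splits captured output into one timeline per PID. The parse() helper,
the sample lines and the capture start date are assumptions made for
illustration.

```python
from collections import defaultdict
from datetime import date, datetime, timedelta

# Constructed sample in the TIME / PID / COMMAND layout shown above.
# The last line is an empty command (the user just pressed Enter).
SAMPLE = (
    "# ./bashreadline\n"
    "TIME      PID    COMMAND\n"
    "23:59:58  21176  ls -l\n"
    "23:59:59  3059   echo another shell\n"
    "00:00:03  21176  foo this command failed\n"
    "00:00:07  21176  echo  two  spaces\n"
    "00:00:09  3059   \n"
)


def parse(text, start_day):
    """Return {pid: [(datetime, command), ...]} in capture order.

    start_day (an assumption: the date tracing began) is needed because
    the TIME column carries no date. A time of day earlier than the
    previous line's is treated as a midnight rollover; a gap of more than
    24 hours between lines cannot be detected from this output alone.
    """
    sessions = defaultdict(list)
    day, prev = start_day, None
    for raw in text.splitlines():
        # Split off TIME and PID only, so spacing inside COMMAND survives.
        fields = raw.rstrip().split(None, 2)
        if len(fields) < 2:
            continue  # blank line
        try:
            tod = datetime.strptime(fields[0], "%H:%M:%S").time()
            pid = int(fields[1])
        except ValueError:
            continue  # header, shell prompt, or other non-trace line
        if prev is not None and tod < prev:
            day += timedelta(days=1)
        prev = tod
        command = fields[2] if len(fields) == 3 else ""
        # A record means the line was entered, not that it succeeded.
        sessions[pid].append((datetime.combine(day, tod), command))
    return dict(sessions)


if __name__ == "__main__":
    for pid, entries in parse(SAMPLE, date(2016, 1, 28)).items():
        for when, command in entries:
            print(pid, when.isoformat(sep=" "), repr(command))
```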