autrace(8) — Linux manual page


AUTRACE(8)           System Administration Utilities          AUTRACE(8)

NAME

       autrace - a program similar to strace

SYNOPSIS

       autrace [-r] program [program-args]...

DESCRIPTION

       autrace adds the audit rules needed to trace a process, similar
       to strace, and then executes the program, passing the given
       arguments to it. The resulting audit information will be in the
       audit logs if the audit daemon is running, or in syslog
       otherwise. This command deletes all audit rules prior to
       executing the target program and again after executing it. As a
       safety precaution, it will not run unless all rules have been
       deleted with auditctl prior to use.

OPTIONS

       -r     Limit the syscalls collected to those needed for analyzing
              resource usage. This could help people doing threat
              modeling, and it saves space in the logs.

EXAMPLES

       The following illustrates a typical session, where 2442 is the
       process ID of the traced program:

       autrace /bin/ls /tmp
       ausearch --start recent -p 2442 -i

       and for resource usage mode:

       autrace -r /bin/ls
       ausearch --start recent -p 2450 --raw | aureport --file --summary
       ausearch --start recent -p 2450 --raw | aureport --host --summary
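
       Because autrace will not start while audit rules are loaded and
       deletes all rules when it finishes (see DESCRIPTION), a host with
       its own rule set needs them saved and reloaded around a trace.
       The wrapper below is an added example, not part of the audit
       project; the function name trace_with_saved_rules is hypothetical
       and it assumes a root shell.

```shell
#!/bin/sh
# Added example (not part of audit): keep the host's audit rules across an
# autrace run. Run as root. trace_with_saved_rules is a name made up here.
#
#   trace_with_saved_rules [-r] program [program-args]...

trace_with_saved_rules() {
    saved=$(mktemp) || return 1

    # auditctl -l prints the loaded rules in the syntax that auditctl -R
    # reads back; with nothing loaded it prints "No rules".
    if ! rules=$(auditctl -l); then
        echo "cannot list audit rules (root required)" >&2
        rm -f "$saved"
        return 1
    fi
    printf '%s\n' "$rules" | sed -e '/^No rules$/d' -e '/^$/d' > "$saved"

    # autrace refuses to start while rules are loaded, so clear them.
    # This fails when the audit configuration is locked (auditctl -e 2).
    if ! auditctl -D > /dev/null; then
        echo "cannot delete audit rules" >&2
        rm -f "$saved"
        return 1
    fi

    # Run the trace; remember its exit status but always go on to restore.
    status=0
    autrace "$@" || status=$?

    # autrace has deleted its own rules again; reload the saved set.
    if [ -s "$saved" ]; then
        if ! auditctl -R "$saved" > /dev/null; then
            echo "restore failed; saved rules are in $saved" >&2
            return 1
        fi
    fi
    rm -f "$saved"
    return "$status"
}
```

       Between the auditctl -D call and the reload, only the rules that
       autrace installs are active, so events the host normally audits
       are not recorded for the duration of the trace.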

SEE ALSO

       ausearch(8), auditctl(8).

AUTHOR

       Steve Grubb

COLOPHON

       This page is part of the audit (Linux Audit) project.
       Information about the project can be found at 
       ⟨⟩.  If you have a bug
       report for this manual page, send it to
       This page was obtained from the project's upstream Git repository
       ⟨⟩ on
       2023-06-23.  (At that time, the date of the most recent commit
       that was found in the repository was 2023-06-22.)

Red Hat                         Jan 2007                      AUTRACE(8)
