Chris writes: > So I thought that it might be really easy combining the shellsnoop with > execsnoop scripts that will give me the exec when one of the parent process > is an interactive shell. > > So I have two questions: > > Has anyone done this before or does anybody know how to accomplish what I'm > trying to do?
Instead of dtrace, why wouldn't you use the 'auditing' feature? It's designed with exactly that sort of usage in mind. A quick search like this should give you more information about it: http://www.google.com/search?hl=en&q=site%3Adocs.sun.com+"solaris+auditing"&btnI=I'm+Feeling+Lucky -- James Carlson, Solaris Networking <[EMAIL PROTECTED]> Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677 _______________________________________________ dtrace-discuss mailing list [email protected]
