.TH bashreadline 8 "2018-09-06" "USER COMMANDS"
.SH NAME
bashreadline.bt \- Print bash commands system wide. Uses bpftrace/eBPF.
.SH SYNOPSIS
.B bashreadline.bt
.SH DESCRIPTION
bashreadline traces the return of the readline() function using uretprobes, to
show the bash commands that were entered interactively, system wide. The
entered command may fail: this is just showing what was entered.
.PP
This program is also a basic example of bpftrace and uretprobes.
.PP
Since this uses BPF, only the root user can use this tool.
.SH REQUIREMENTS
CONFIG_BPF and bpftrace.
.SH EXAMPLES
.TP
Trace bash commands system wide:
#
.B bashreadline.bt
.SH FIELDS
.TP
TIME
A timestamp on the output, in "HH:MM:SS" format.
.TP
PID
The process ID for bash.
.TP
COMMAND
Entered command.
.SH OVERHEAD
As the rate of interactive bash commands is expected to be very low (<<100/s),
the overhead of this program is expected to be negligible.
.SH SOURCE
This is from bpftrace.
.IP
https://github.com/iovisor/bpftrace
.PP
Also look in the bpftrace distribution for a companion _examples.txt file
containing example usage, output, and commentary for this tool.
.PP
This is a bpftrace version of the bcc tool of the same name. The bcc tool
may provide more options and customizations.
.IP
https://github.com/iovisor/bcc
.SH OS
Linux
.SH STABILITY
Unstable - in development.
.SH AUTHOR
Brendan Gregg
.SH SEE ALSO
opensnoop(8)
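.SH NOTES
Added example, not part of the original page or the bpftrace project: a Python parser that groups the TIME, PID and COMMAND fields described under FIELDS into per-shell command histories, and accounts for the date-less "HH:MM:SS" timestamp rolling over at midnight. The sample output (including its banner and header lines) is constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import timedelta

# Constructed sample of bashreadline.bt output (not captured from a real host).
# The banner and header lines are assumptions about what precedes the records.
SAMPLE = """\
Attaching 2 probes...
Tracing bash commands... Hit Ctrl-C to end.
TIME      PID    COMMAND
23:59:58  4121   cd /var/log
23:59:59  5230   sudo -l
00:00:03  4121   grep  -c "Failed password" auth.log
00:00:07  4121   lss -la
"""
# "lss -la" is a typo that would fail: the tool records what was entered,
# not what ran successfully, so it still appears in the history.

# TIME is "HH:MM:SS", PID is numeric, COMMAND is the rest of the line verbatim.
RECORD = re.compile(r"^(\d{2}):(\d{2}):(\d{2})\s+(\d+)\s+(.*)$")


def parse_records(text):
    """Return (offset, pid, command) tuples in output order.

    TIME carries no date, so a timestamp that goes backwards is treated as a
    midnight rollover (assumes records arrive in chronological order).
    """
    records, day, prev = [], 0, None
    for line in text.splitlines():
        m = RECORD.match(line)
        if not m:  # banner, column header, blank line
            continue
        h, mi, s = (int(m.group(i)) for i in (1, 2, 3))
        if h > 23 or mi > 59 or s > 59:  # not a valid time of day
            continue
        tod = timedelta(hours=h, minutes=mi, seconds=s)
        if prev is not None and tod < prev:
            day += 1
        prev = tod
        records.append((timedelta(days=day) + tod, int(m.group(4)), m.group(5)))
    return records


def sessions_by_pid(records):
    """Group entered commands per bash PID, keeping entry order."""
    sessions = defaultdict(list)
    for offset, pid, command in records:
        sessions[pid].append((offset, command))
    return dict(sessions)
```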