
Capture commands that launched processes UNIX
If you know the name of a running command line process, but don't know the precise command line with which it was invoked, you can run a command such as this one to return the complete command:
ps -axwwo command | grep lame | grep -v grep > ~/Desktop/lame_command.txt
This example would save a file to your desktop containing the commands that initiated any running processes whose command line includes the term lame.

Just a related trick
Authored by: javierhz on Jun 29, '07 09:51:42AM

The following line does the same faster and easier:

ps -axwwo command | grep [l]ame > ~/Desktop/lame_command.txt

As the brackets are controlled by the shell you won't need to filter by the previous grep.



Just a related trick
Authored by: llee on Jun 29, '07 02:41:46PM

Thanks!

Can you offer a command that will log all shell commands initiated during a specified time interval?



Just a related trick
Authored by: S Barman on Jun 29, '07 08:56:58PM
Try using the script command. Just type script on the command line. It will create a file called typescript that will capture everything. When you are finished, just press CONTROL-D to end.

Just a related trick
Authored by: llee on Jul 03, '07 07:45:22PM

That appears to capture commands entered into the terminal window. What I'm looking for is a way to capture all commands executed on the machine between start time and end time I specify.



Just a related trick
Authored by: tom_b on Jun 30, '07 02:33:53PM
ps -axwwo command | grep [l]ame > ~/Desktop/lame_command.txt

As the brackets are controlled by the shell you won't need to filter by the previous grep.

The brackets in the pattern '[l]ame' are not controlled by the shell; instead, they're passed to grep, which expects a list of characters between the brackets, any of which will match (in this case just 'l').

It still achieves the same effect because, as a pattern, '[l]ame' will match the string 'lame' but not the string '[l]ame'.

That's probably more confusing than helpful - sorry! It is a neat trick.



Capture commands that launched processes
Authored by: javierhz on Jun 29, '07 05:08:23PM

Well, if I'm not wrong, there's no direct way to do this using "standard" shell script commands. As 'ps' shows the start time in 3 different formats depending on how distant it is from current time, you can create 3 functions to load the time and convert it, for example, to seconds from the epoch. Once you have the time in seconds it's very easy to test which is between limits and print it.

There are many ways to achieve that, ranging from awk and 'tail -n +2' with other standard shell scripting filters to integrated scripting languages.

As an alternative you can look for the items by yourself showing the start time:
ps -axwwo start -o command | grep [l]ame > ~/Desktop/lame_command.txt

If you write it, please, post it for the community as a new thread ;)



Correction to my previous comment
Authored by: javierhz on Jun 29, '07 05:52:15PM

Sorry, I'm asleep. If you want to look for concrete processes on time, you can use 'lstart' instead of 'start' to get a "normalized" time string, much easier to compare with others. So:

ps -axwwo lstart -o command

may be a good/better starting point.



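The time-window filter discussed in javierhz's two comments above (normalize each 'lstart' value, then test it against limits), written out as an added example that is not part of the original thread. Instead of converting to seconds since the epoch, it reduces each timestamp to a sortable YYYYMMDDHHMMSS key. Assumptions: the function names are hypothetical, the sample ps output is constructed, and month names are in English (run ps with LC_ALL=C).

```shell
#!/bin/sh
# Added example (not from the thread). Names and sample data are constructed.

# started_between FROM TO  (hypothetical helper)
# Reads `ps -axwwo lstart -o command` output on stdin and prints the rows whose
# start time lies in [FROM, TO]. Bounds are "YYYY-MM-DD HH:MM:SS", local time.
started_between() {
    awk -v from="$1" -v to="$2" '
    BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", names, " ")
        for (i = 1; i <= n; i++) mon[names[i]] = i
        # Reduce both bounds to a 14-digit sortable key: YYYYMMDDHHMMSS
        gsub(/[^0-9]/, "", from)
        gsub(/[^0-9]/, "", to)
        if (length(from) != 14 || length(to) != 14) {
            print "bounds must look like YYYY-MM-DD HH:MM:SS" > "/dev/stderr"
            exit 2
        }
    }
    # lstart is five fields: weekday, month, day, HH:MM:SS, year.
    # The header row and any malformed line fail this test and are skipped.
    ($2 in mon) && $4 ~ /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]$/ {
        hms = $4
        gsub(/:/, "", hms)
        key = sprintf("%04d%02d%02d%s", $5, mon[$2], $3, hms)
        # Equal-length digit strings sort the same as text or as numbers
        if (key >= from && key <= to) print
    }'
}

# Constructed sample of ps output, so the filter can be tried offline.
sample_ps_output() {
    cat <<'EOF'
STARTED                      COMMAND
Fri Jun 29 09:51:42 2007     /usr/sbin/cron
Fri Jun 29 17:08:23 2007     lame --preset standard in.wav out.mp3
Tue Jul  3 19:45:22 2007     /bin/sh ./nightly.sh
EOF
}

# Live use: LC_ALL=C ps -axwwo lstart -o command | started_between "$from" "$to"
sample_ps_output | started_between "2007-06-29 12:00:00" "2007-06-30 00:00:00"
```

Because ps reports only processes that are still running when it is invoked, this lists survivors that started inside the window, not every command that ran during it.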