Re: Is there an API to get the process command line?


Matheus Marchini <mat@...>
 

There's no API to access command line args. BPF_FUNC_get_current_comm
will give you the task name. If it's not enough, you can try to get it
via task_struct. Look for get_task_cmdline fs/proc/base.c in the
Kernel source code as a starting point to get the cmdline from a
task_struct.

On Wed, Jan 1, 2020 at 7:56 AM <rganesan+iovisor@...> wrote:

Hi all,

bcc monitoring tools which print a process being traced print only the command (and pid, ppid) without the full args. In many cases the monitored command is a script, so the command is just printed as (for example) "python" which isn't very useful. I couldn't find a bpf API to get the command line args.

Ganesan

Join iovisor-dev@lists.iovisor.org to automatically receive all group messages.