# # Connector - unified userspace <-> kernelspace linker # CONFIG_CONNECTOR=y CONFIG_PROC_EVENTS=y
event-viewer - program to see all fork/exec/exit/uid/gid events on a running system
event-viewer
event-viewer uses the new netlink/fork connector interface from linux >=2.6.15. event-viewer thus receives all fork/exec/exit/uid/gid events.
linux version >=2.6.15.
The following kernel options should be set to be able to use event-viewer.
It is NOT sufficed to set the options to m (module) - they have to be compiled into the kernel.
# # Connector - unified userspace <-> kernelspace linker # CONFIG_CONNECTOR=y CONFIG_PROC_EVENTS=y
as root: nice -n -10 event-viewer
sh-wrapper(8)