.TH bashreadline 8 "2016-01-28" "USER COMMANDS"
.SH NAME
bashreadline \- Print entered bash commands system wide. Uses Linux eBPF/bcc.
.SH SYNOPSIS
.B bashreadline
.SH DESCRIPTION
bashreadline traces the return of the readline() function using uprobes, to
show the bash commands that were entered interactively, system wide. The
entered command may fail: this is just showing what was entered.
.PP
This program is also a basic example of eBPF/bcc and uprobes.
.PP
This makes use of a Linux 4.5 feature (bpf_perf_event_output());
for kernels older than 4.5, see the version under tools/old,
which uses an older mechanism.
.PP
Since this uses BPF, only the root user can use this tool.
.SH REQUIREMENTS
CONFIG_BPF and bcc.
.SH EXAMPLES
.TP
Trace bash commands system wide:
#
.B bashreadline
.SH FIELDS
.TP
TIME
Time of the command (HH:MM:SS).
.TP
PID
Process ID of the bash shell.
.TP
COMMAND
Entered command.
.SH OVERHEAD
As the rate of interactive bash commands is expected to be very low (<<100/s),
the overhead of this program is expected to be negligible.
.SH SOURCE
This is from bcc.
.IP
https://github.com/iovisor/bcc
.PP
Also look in the bcc distribution for a companion _examples.txt file containing
example usage, output, and commentary for this tool.
.SH OS
Linux
.SH STABILITY
Unstable - in development.
.SH AUTHOR
Brendan Gregg
.SH SEE ALSO
opensnoop(8)
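.PP
An added example, not part of bcc or written by the tool's author: a parser that turns a saved capture of the TIME, PID and COMMAND fields into dated, per-shell command timelines for review. It assumes a header row followed by whitespace-separated columns; the sample capture and the names parse_capture and by_shell are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import date, datetime, timedelta

# Assumed layout: a header row, then whitespace-separated TIME PID COMMAND.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2})\s+(\d+)(?:\s+(.*))?$")

# Constructed sample capture, not real tool output.
SAMPLE = """\
TIME      PID    COMMAND
23:59:41  2101   id
23:59:58  2101   vim /etc/hosts
00:00:07  3350   ls -la   /tmp
00:00:12  2101   echo "a  b" > /tmp/x
garbage line
"""

def _clock(text):
    """Parse HH:MM:SS, returning None for impossible values such as 25:00:00."""
    try:
        return datetime.strptime(text, "%H:%M:%S").time()
    except ValueError:
        return None

def parse_capture(text, start_day):
    """Return (events, rejected). TIME carries no date, so a clock that
    runs backwards is treated as a midnight rollover after start_day."""
    events, rejected = [], []
    day, last = start_day, None
    for line in text.splitlines():
        if not line.strip() or line.split()[:3] == ["TIME", "PID", "COMMAND"]:
            continue  # skip blank lines and the header row
        m = LINE_RE.match(line)
        t = _clock(m.group(1)) if m else None
        if t is None:
            rejected.append(line)  # keep unparsed lines for manual review
            continue
        if last is not None and t < last:
            day += timedelta(days=1)
        last = t
        # COMMAND is kept verbatim, including internal runs of spaces.
        events.append((datetime.combine(day, t), int(m.group(2)), m.group(3) or ""))
    return events, rejected

def by_shell(events):
    """Group entered commands by bash PID, preserving capture order."""
    sessions = defaultdict(list)
    for ts, pid, cmd in events:
        sessions[pid].append((ts, cmd))
    return dict(sessions)
```

Each timeline records what was typed into that shell, not whether the command succeeded, and the rollover inference is only correct if the capture has no gap of a day or more.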