I have root access to a Linux system and need to log processes without installing any additional software, using only built-in tools like top. However, I want the process to run in the background continuously until I manually stop it, whereas top only shows real-time data.
Here’s what I need:
When the command is executed, it should capture the initial state of all running processes.
If any new process spawns or an existing process terminates, the log should capture the timestamp, the command, and user info for those changes.
When I stop the logging, it should also record the final state of the processes at that moment.
How can I achieve this using pre-installed Linux tools like top?
top installed but it certainly isn't required in a minimal system. There is no concept of built-in Linux tools.
top is in the procps package, which is marked Priority: required, so it likely comes installed by default. But that might be more because of ps itself than top, and there's no guarantee it comes installed by default on other distributions. Similarly for other tools, it might depend on the distribution which ones come installed by default and which ones don't. Sure, you probably get something like the GNU coreutils on most "big" GNU/Linux distributions, but e.g. on Busybox-based ones you probably don't. So, which distro are you on?
NETLINK_CONNECTOR which could be used to create a C program (b) A link to the execsnoop script from perf-tools.
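
One way to meet the three requirements in the question by polling ps and diffing snapshots, as an added example that is not part of the thread. It assumes a POSIX ps plus awk, sort, comm and mktemp are present; the function names, the `--run` switch, the 1-second interval and the log path are all hypothetical choices.

```sh
#!/bin/sh
# Added example: log the initial process list, every start/exit seen between
# polls, and the final list on stop. Assumes POSIX ps, awk, sort, comm, mktemp.
export LC_ALL=C    # sort and comm must agree on collation

snapshot() {       # prints one "PID USER COMMAND" line per process, sorted
    # Call from the main shell only: ps, awk and sort are then direct
    # children of $$ and are dropped by the PPID filter below.
    ps -e -o pid= -o ppid= -o user= -o args= |
        awk -v me="$$" '$2 != me { p=$1; u=$3; $1=$2=$3=""; sub(/^ +/, ""); print p, u, $0 }' |
        sort
}

diff_snapshots() { # $1 = older snapshot file, $2 = newer snapshot file
    comm -13 "$1" "$2" | sed 's/^/START /'   # lines only in the newer file
    comm -23 "$1" "$2" | sed 's/^/EXIT  /'   # lines only in the older file
}

stamp() {          # prefix every stdin line with the current local time
    ts=$(date '+%Y-%m-%dT%H:%M:%S%z')
    sed "s/^/$ts /"
}

watch_procs() {    # $1 = log file; runs until it receives INT or TERM
    log=$1; old=$(mktemp); new=$(mktemp)
    # On stop, record the final state, clean up and exit.
    trap 'snapshot >"$new"; sed "s/^/FINAL /" "$new" | stamp >>"$log"
          rm -f "$old" "$new"; exit 0' INT TERM
    snapshot >"$old"
    sed 's/^/INIT  /' "$old" | stamp >>"$log"
    while sleep 1; do                        # interval is an assumption
        snapshot >"$new"
        diff_snapshots "$old" "$new" | stamp >>"$log"
        mv "$new" "$old"
    done
}

# Hypothetical entry point: sh proclog.sh --run /path/to/logfile &
if [ "${1:-}" = "--run" ]; then
    watch_procs "${2:-./proc-changes.log}"   # placeholder default path
fi
```

Polling misses any process that starts and exits between two snapshots, and a reused PID with the same user and command line looks unchanged. The NETLINK_CONNECTOR and execsnoop approaches mentioned in the comments are event-driven and do not have that gap.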