Skip to content

Trace system calls from Docker containers running on the system

License

Notifications You must be signed in to change notification settings

amrabed/strace-docker

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

32 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Build Status GitHub issues GitHub (pre-)release License

strace-docker

Trace system calls from Docker containers running on the system*

Usage

Install

git clone https://github.com/amrabed/strace-docker && sudo ./strace-docker/install

To check if strace-docker is successfully installed and running, use service strace-docker status

Tracing

strace-docker is automatically triggered by docker events to monitor any new Docker container. The resulting trace of system calls is written to a new file at /var/log/strace-docker/. File name will be $id-$image-$timestamp where $id is the container ID, $image is the container image, and $timestamp is the time the container started. You can see full log of monitored containers at /var/log/strace-docker/log.

How to use the strace-docker tool

Known Issues

  • strace-docker does not currently stop tracing process automatically when container is stopped.
  • strace-docker does not resume tracing to the same file on container restart.
  • strace-docker relies internally on Sysdig which limits the number of monitoring processes to 5 by default. Due to strace-docker not killing/stopping monitoring processes automatically, strace-docker stops montioring new containers when 5 containrs are currently monitored. The user then needs to manually stop any strace-docker processes that are no longer needed (i.e., whose containers are not running anymore).

All contributions are welcome :)

* Implemented as part of my Ph.D. dissertation research. See this paper for more details

About

Trace system calls from Docker containers running on the system

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages