Supported System calls
Storage
| Type | Syscall |
|---|---|
| Data | read, pread64, readv, write, pwrite64, writev, fsync, fdatasync, readahead |
| Metadata | creat, open, openat, close, lseek, truncate, ftruncate, rename, renameat, renameat2, unlink, unlinkat, readlink, readlinkat, stat, lstat, fstat, fstatfs, fstatat |
| Extended Attributes | getxattr, lgetxattr, fgetxattr, setxattr, lsetxattr, fsetxattr, listxattr, llistxattr, flistxattr, removexattr, lremovexattr, fremovexattr |
| Directory | mknod, mknodat |
Network
| Type | Syscall |
|---|---|
| Socket Management | socket, socketpair, bind, connect, listen, accept, accept4 |
| Data Transfer | recvfrom, recvmsg, sendto, sendmsg |
| Socket Options | getsockopt, setsockopt |
Fields
Common fields
| Field | Description |
|---|---|
| system_call_name | The name of the intercepted system call. |
| time_called | The time the system call started. |
| time_returned | The time the system call ended. |
| execution_time | Difference between time_called and time_returned (in nanoseconds). |
| pid | The identifier of the process that issued the system call. |
| tid | The identifier of the thread that issued the system call. |
| host | The hostname of the machine. |
| thread | Thread name (format: `<tid>@<host>`). |
| comm | The command that issued the system call. |
| return_value | The return value of the system call. |