Trace system calls from Docker containers running on the system*
git clone https://github.com/amrabed/strace-docker && sudo ./strace-docker/install
To check if strace-docker
is successfully installed and running, use service strace-docker status
strace-docker
is automatically triggered by docker events
to monitor any new Docker container. The resulting trace of system calls is written to a new file at /var/log/strace-docker/
. File name will be $id-$image-$timestamp
where $id
is the container ID, $image
is the container image, and $timestamp
is the time the container started. You can see full log of monitored containers at /var/log/strace-docker/log
.
strace-docker
does not currently stop tracing process automatically when container is stopped.strace-docker
does not resume tracing to the same file on container restart.strace-docker
relies internally onSysdig
which limits the number of monitoring processes to 5 by default. Due tostrace-docker
not killing/stopping monitoring processes automatically,strace-docker
stops montioring new containers when 5 containrs are currently monitored. The user then needs to manually stop anystrace-docker
processes that are no longer needed (i.e., whose containers are not running anymore).
All contributions are welcome :)
* Implemented as part of my Ph.D. dissertation research. See this paper for more details