How to get the complete behavior of the program, including the behavior of the child process

[cc-sir]

I need to track all the system calls of the process, but I can't get the behavior of the child process, the command I usually use is "sudo sysdig proaname=sir or proc.name=sir or proc.apid=5478";
However, I cannot get the behavior of the cloned child process:

....
43298 17:34:02.341990766 0 sir (5481) < getppid 
43299 17:34:02.341990908 0 sir (5481) > clock_gettime 
43300 17:34:02.341992129 0 sir (5481) < clock_gettime 
43301 17:34:02.341993573 0 sir (5481) > prctl 
43302 17:34:02.341994491 0 sir (5481) < prctl 
43303 17:34:02.341994693 0 sir (5481) > write fd=1(<p>) size=15 
43304 17:34:02.341996217 0 sir (5481) < write res=15 data=listening tun0. 
43305 17:34:02.341996500 0 sir (5481) > write fd=1(<p>) size=1 
43306 17:34:02.341996921 0 sir (5481) < write res=1 data=. 
43307 17:34:02.341997228 0 sir (5481) > clone 
43308 17:34:02.342019416 0 sir (5481) < clone res=5482(57335egcrrhiwci) exe=1e7nuh8nwl7ndapv args=ir. tid=5481(sir) pid=5481(sir) ptid=5478(python) cwd= fdlimit=1024 pgft_maj=0 pgft_min=120 vm_size=1148 vm_rss=4 vm_swap=0 comm=57335egcrrhiwci cgroups=cpuset=/.cpu=/.cpuacct=/.io=/.memory=/user.slice/user-1000.slice/user@1000.se... flags=25165824(CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID) uid=1000 gid=1000 vtid=5481(sir) vpid=5481(sir) 
43309 17:34:02.342034191 0 sir (5481) > exit_group 
43310 17:34:02.342050709 0 sir (5481) > procexit status=0 

What should I do or what command should I use, thanks!

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.