https://github.com/amrabed/strace-docker
Trace system calls from Docker containers running on the system
- Host: GitHub
- URL: https://github.com/amrabed/strace-docker
- Owner: amrabed
- License: mit
- Created: 2015-01-05T15:26:03.000Z (about 11 years ago)
- Default Branch: master
- Last Pushed: 2023-04-27T22:58:21.000Z (almost 3 years ago)
- Last Synced: 2025-03-30T17:04:19.110Z (11 months ago)
- Topics: docker, shell, sysdig
- Language: Shell
- Size: 23.4 KB
- Stars: 32
- Watchers: 5
- Forks: 5
- Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# strace-docker
Trace system calls from Docker containers running on the system*
## Usage
### Install
```sh
git clone https://github.com/amrabed/strace-docker && sudo ./strace-docker/install
```
To check if `strace-docker` is successfully installed and running, use `service strace-docker status`.
### Tracing
`strace-docker` is automatically triggered by [`docker events`](https://docs.docker.com/engine/reference/commandline/events) to monitor any new Docker container. The resulting trace of system calls is written to a new file at `/var/log/strace-docker/`. The file name is `$id-$image-$timestamp`, where `$id` is the container ID, `$image` is the container image, and `$timestamp` is the time the container started. You can see the full log of monitored containers at `/var/log/strace-docker/log`.
[Video](https://www.youtube.com/watch?v=iWywV_4Y34E)
## Known Issues
- `strace-docker` does not currently stop the tracing process automatically when a container is stopped.
- `strace-docker` does not resume tracing to the same file on container restart.
- `strace-docker` relies internally on [`Sysdig`](https://sysdig.com), which limits the number of monitoring processes to 5 by default. Because `strace-docker` does not kill or stop monitoring processes automatically, it stops monitoring new containers once 5 containers are being monitored. The user then needs to manually stop any `strace-docker` processes that are no longer needed (i.e., whose containers are no longer running).
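
To help with the manual cleanup described above, the following added example (not part of `strace-docker`) lists trace files under `/var/log/strace-docker/` whose container is no longer running, using the `$id-$image-$timestamp` naming. The function names and script name are hypothetical, and it assumes the `$id` in the file name is either the full container ID or a prefix of it.

```sh
#!/bin/sh
# Added example, not part of strace-docker: find trace files whose container
# has stopped, so the matching monitoring processes can be stopped by hand.

# trace_id FILE: container ID = text before the first '-' in the file name.
# Container IDs are hex, so the first '-' always ends the ID even when the
# image name itself contains hyphens.
trace_id() {
    name=${1##*/}
    printf '%s\n' "${name%%-*}"
}

# is_running ID "RUNNING_IDS": succeeds if ID equals, or is a prefix of
# (or is prefixed by), one of the whitespace-separated running IDs.
# Assumption: the file name may carry a short or a full ID.
is_running() {
    for r in $2; do
        case $r in "$1"*) return 0 ;; esac
        case $1 in "$r"*) return 0 ;; esac
    done
    return 1
}

# stale_traces DIR "RUNNING_IDS": print trace files in DIR whose container
# is not in RUNNING_IDS. The '*-*' glob skips the plain 'log' file.
stale_traces() {
    for f in "$1"/*-*; do
        [ -f "$f" ] || continue
        id=$(trace_id "$f")
        [ -n "$id" ] || continue
        is_running "$id" "$2" || printf '%s\n' "$f"
    done
}

# Live use (needs Docker): sh stale-traces.sh /var/log/strace-docker
if [ -n "${1:-}" ]; then
    stale_traces "$1" "$(docker ps -q --no-trunc)"
fi
```
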
All contributions are welcome :)
* Implemented as part of my Ph.D. dissertation research. See [this paper](https://arxiv.org/abs/1611.03056) for more details.