# execsnoop
PCOMM PID PPID RET ARGS
run 12983 4469 0 ./run
bash 12983 4469 0 /bin/bash
svstat 12985 12984 0 /command/svstat /service/httpd
perl 12986 12984 0 /usr/bin/perl -e $l=<>;$l=~/(\d+) sec/;print $1||0
ps 12988 12987 0 /bin/ps --ppid 1 -o pid,cmd,args
grep 12989 12987 0 /bin/grep org.apache.catalina
sed 12990 12987 0 /bin/sed s/^ *//;
cut 12991 12987 0 /usr/bin/cut -d -f 1
xargs 12992 12987 0 /usr/bin/xargs
echo 12993 12992 0 /bin/echo
mkdir 12994 12983 0 /bin/mkdir -v -p /data/tomcat
mkdir 12995 12983 0 /bin/mkdir -v -p /apps/tomcat/webapps
^C
#
