strace entire operating system to get strace logs of all processes simultaneously

Question

Currently, I am taking up the long method of doing this by getting a list of processes using the following command

sudo ps -eo pid,command | grep -v grep | awk '{print $1}' > pids.txt

And then iterating through the process ids and executing in background the strace of each process and generating logs for each process with the process id in the log's extension

filename="$1"
while read -r line
do
chmod +x straceProgram.sh
./straceProgram.sh $line &
done < "$filename"

straceProgram.sh

pid="$1"
sudo strace -p $pid -o log.$pid

However, the problem with this approach is that if there is any new process which gets started, it will not be straced since the strace is on the process ids stored in the pids.txt during the first run. The list of pids.txt can be updated with new process ids, however, I was inquisitive on running a strace at an operating system level which would strace all the activities being performed. Could there be a better way to do this?

Answer 1

use the strace -f (fork) option, also I suggest the -s 9999 for more details

Answer 2

If your resulting filesystem is going to be a kernel filesystem driver, I would recommend using tracefs to gather the information you require. I would recommend against making this a kernel filesystem unless you have a lot of time and a lot of testing resources. It is not trivial.

If you want an easier, safer alternative, write your filesystem using fuse. The downside is that performance is not quite as good and there are a few places where it cannot be used, but it is often acceptable. Note that there is already an implementation of a logging filesystem under fuse.