Sometimes a process comes and goes faster than I can ps aux, I tried watch -d -n0.1 "ps aux | tail" but again, that's restricted to 1/10th of a second. What I really want is to run a command and follow all new processes, one per line, as they spawn. Even processes that run fast. I know strace has abilities similar to this but I haven't been able to get it to do what I want.
tl;dr : is there a way to log all new processes?
I don't want to know much, no more than a line of ps aux would give me, for the current case I just have a process that's spawned by another and disappears, I want to be able to run it, but I don't know what the command would be. Even knowing new PIDs would be sufficient, since I could figure a script that would take these and run ps | grep on these and give me more info while the process is running (assuming hopefully the process is still around when ps gets going)
Best Answer
What do you want to know about those processes? If you can control who spawns the processes,
strace -feprocess $SHELLwill do.If it's just an overview of their footprint, use process accounting (in the gnu acct package; use the lastcomm command), or higher-level tools like atop's logger mode. In the future, tools like trace and uprobes will be helpful to get detailed info out of the kernel.