ttysnoop: a seriously impressive tool

ttysnoop(8) System Manager's Manual ttysnoop(8)

NAME
   ttysnoop - Watch output from a tty or pts device. Uses Linux eBPF/bcc.

SYNOPSIS
   ttysnoop [-h] [-C] device

DESCRIPTION
   ttysnoop watches a tty or pts device, and prints the same output that is appearing on that device. It can be used to mirror the output from a shell session, or the system console.

   This works by use of kernel dynamic tracing of the tty_write() function.  This tool will need updating in case that kernel function changes in a future kernel version.

   Since this uses BPF, only the root user can use this tool.

REQUIREMENTS
   CONFIG_BPF and bcc.

OPTIONS
   -C     Don't clear the screen.

   -s SIZE, --datasize SIZE
          Size of the transmitting buffer (default 256).

   -c COUNT, --datacount COUNT
          Number of times ttysnoop checks for SIZE bytes of data (default 16).

   device Either a path to a tty device (e.g., /dev/tty0) or a pts number (e.g., the "3" from /dev/pts/3).

EXAMPLES
   Snoop output from /dev/pts/2
          # ttysnoop /dev/pts/2

   Snoop output from /dev/pts/2 (shortcut)
          # ttysnoop 2

   Snoop output from the system console
          # ttysnoop /dev/console

   Snoop output from /dev/tty0
          # ttysnoop /dev/tty0

List the logged-in terminals:

[root@localhost ~]# who
root     pts/0        2024-01-22 10:32 (10.65.30.83)
root     pts/1        2024-01-18 11:13 (10.65.30.83)

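Pick a terminal from the list above:

[root@localhost ~]# ttysnoop 1	# this attaches to pts/1 and shows, in real time, what is happening on that terminal
Ctrl+/ pauses the output.
Ctrl+- exits.
Note: do not type anything, because whatever you type now is executed directly in that terminal!!!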
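
Because ttysnoop works by attaching a BPF program to a kernel probe on tty_write(), an administrator can check whether a host currently has such a tracer attached. The following is an added example, not part of the original post or of bcc: it filters the JSON printed by `bpftool -j perf show` (run as root) for kprobes on tty_write. The sample data is constructed, the field names are assumed to match bpftool's JSON output, and `find_tty_tracers` is a hypothetical helper name.

```python
import json

# Constructed sample in the JSON shape printed by `bpftool -j perf show`
# (field names are an assumption; capture real output on the host being checked).
SAMPLE = '''[
 {"pid": 4121, "fd": 7, "prog_id": 58, "fd_type": "kprobe", "func": "tty_write", "offset": 0},
 {"pid": 4121, "fd": 9, "prog_id": 59, "fd_type": "kretprobe", "func": "vfs_read", "offset": 0},
 {"pid": 977, "fd": 5, "prog_id": 12, "fd_type": "uprobe", "filename": "/usr/bin/bash", "offset": 4660},
 {"pid": 2210, "fd": 6, "prog_id": 31, "fd_type": "tracepoint", "tracepoint": "sched_switch"}
]'''

# Function named in the man page. Extend this set if the kernel's tty write
# path is renamed, which the man page warns may happen.
TTY_FUNCS = frozenset({"tty_write"})


def find_tty_tracers(bpftool_json, funcs=TTY_FUNCS):
    """Return pid, prog_id and func for each kprobe/kretprobe attached to funcs."""
    try:
        entries = json.loads(bpftool_json)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not bpftool JSON output: {exc}") from exc
    if not isinstance(entries, list):
        raise ValueError("expected a JSON array of attachments")
    hits = []
    for entry in entries:
        if not isinstance(entry, dict):
            continue  # skip malformed records instead of failing the whole scan
        if entry.get("fd_type") in ("kprobe", "kretprobe") and entry.get("func") in funcs:
            hits.append({"pid": entry.get("pid"),
                         "prog_id": entry.get("prog_id"),
                         "func": entry["func"]})
    return hits


if __name__ == "__main__":
    for hit in find_tty_tracers(SAMPLE):
        print(f"pid {hit['pid']} has BPF prog {hit['prog_id']} attached to {hit['func']}")
```

On a live host, pass the captured output of `bpftool -j perf show` instead of `SAMPLE`, then look up each reported pid to see who is running the tracer.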

posted @ 2024-01-22 10:46  寻梦99