For a few days now I've noticed that the PID keeps going up quickly, at a rate of over 200 or so an hour.
I'd like to make a log entry of every process that starts (and quits) so I can figure out what is happening.
I've looked in the logs and with Activity Monitor but I haven't seen anything obvious.
Whatever is happening doesn't appear to stop the MBP from going to sleep though.
Currently using Mountain Lion 10.8.0 on a late 2008 MacBook Pro
Best Answer
There is a command
execsnoopthat you can run in a terminal window. Like so:A more detailed log of all that is going on requires a bit of
dtracehacking, as you need to track theforkand_exitsystem calls as well.Edited to add a bit of explanation: Processes don't “start” on a unix system. New processes are created by the
forksystem call, which results in the calling process being split into two (almost) identical processes. One (the parent) keeps its PID, while the other (the childe) given a new PID. The most common reason for a fork is for the child toexeca new program; it's this fork+exec combination that you most commonly think of as a new process starting up. This is why you need to track three system calls (fork,exec,_exit) for the complete view. But just trackingexec, asexecsnoopwill do, seems sufficient for your purposes.