Tracker: Program Manual

This page describes how to configure and run Tracker. It should run as administrator.


tracker.conf is a configuration file of Tracker and should exist in the current working directory. Each line has a key-value pair that is delimited by either a tab or a space. A line beginning with a hash (#) is a comment.


This value includes the scheme, host, and port (if necessary) of URL for the service. Don't put a slash (/) at the end.



[OPTIONAL] Specify your username of PROV Storage to log in the service.




[OPTIONAL] Specify your password of PROV Storage to log in the service.

When your credentials don't exist in tracker.conf or they are invalid, a login page will show up in GUI mode. In console mode, the terminal will ask your credentials. You may specify your credentials in the arguments. See Console Mode.


(EXPERIMENTAL - Use carefully. You will lose process events of dropped processes.)

[OPTIONAL] If a process name of an event is identical to any of notrace values, the event will be dropped. Notrace values are seperated by commas. Don't put a space between values.

NOTRACE date,mv,rm,uname,basename


[OPTIONAL] If you want not to capture processes executed by specific users, you can use this option.

NOTRACE_USER root,foobar

Sample file

# This is a very simple configuration file
# This file should be located at the current working directory when you run Tracker.
USERNAME myusername
PASSWORD mypassword
NOTRACE date,mv,rm,uname,basename
NOTRACE_USER root,foobar

Program Usage

Tracker should run as administrator.

  • On Windows, only GUI mode is available, and all command line arguments are ignored.

GUI Mode

Usage: sudo ./ceftracker

no options

Console Mode

Usage: sudo ./ceftracker [options...]
       sudo ./noceftracker [options...]

 --console             Run in console mode (only for ceftracker)
 -p, --pname PROCNAME  Simplified regular expressions for process name 
 -f, --fpath FILEPATH  Simplified regular expressions for file path
 -u, --username        Your username
 -w, --password        Your password (use only if you really want to)

 sudo ./ceftracker --console -p "^prog|^$" -f "^/home/"

Rules for process names

A user can give rules (in simplified regular expressions) for process names to capture. Tracker will collect events from a process that matches one of the specified rules and its descendant processes. A process name is the name of an executable file.

  • Windows - A process name includes the file extension of an executable.
  • Linux - In the top command, it is shown as a command name. Note that its maximum length is 15. You can run a script as an executable by adding #!/bin/bash, #!/bin/python, etc. in the first line of the script. Without it, its process name is just bash or python.
  • OSX - Similar to Linux, but there is no limitation on the length.

Simplified Regular Expressions

Tracker uses the simple regular expression which supports the Match-beginning-of-line Operator (^) and the Match-end-of-line Operator ($). For example,

  • ^vi matches vi, vim, etc.
  • cat$ matches cat, nocat, etc.
  • ^test$ matches only test.
  • notepad matches notepad, notepad.exe, newnotepad, etc.

The Alternation Operator (|) can be used as follows.

  • ^vi|cat$ matches vim, nocat, etc.
Page last modified on September 28, 2016, at 06:31 AM