This page describes how to configure and run Tracker. It should run as administrator.
tracker.conf is Tracker's configuration file and should exist in the current working directory. Each line holds a key-value pair delimited by either a tab or a space. A line beginning with a hash (#) is a comment.
This value includes the scheme, host, and port (if necessary) of the URL for the service. Don't put a slash (/) at the end.
[OPTIONAL] Specify your PROV Storage username to log in to the service.
[OPTIONAL] Specify your PROV Storage password to log in to the service.
When your credentials don't exist in tracker.conf or are invalid, a login page will show up in GUI mode. In console mode, the terminal will ask for your credentials. You may also specify your credentials in the arguments. See Console Mode.
(EXPERIMENTAL - Use carefully. You will lose process events of dropped processes.)
[OPTIONAL] If the process name of an event is identical to any of the notrace values, the event will be dropped. Notrace values are separated by commas. Don't put a space between values.
[OPTIONAL] If you do not want to capture processes executed by specific users, you can use this option.
    # This is a very simple configuration file
    # This file should be located at the current working directory when you run Tracker.
    SERVERURI https://pennprovenance.net
    USERNAME myusername
    PASSWORD mypassword
    NOTRACE date,mv,rm,uname,basename
    NOTRACE_USER root,foobar
Tracker should run as administrator.
- On Windows, only GUI mode is available, and all command line arguments are ignored.
    Usage:
      sudo ./ceftracker
      no options

    Usage:
      sudo ./ceftracker [options...]
      sudo ./noceftracker [options...]
    Options:
      --console               Run in console mode (only for ceftracker)
      -p, --pname PROCNAME    Simplified regular expressions for process name
      -f, --fpath FILEPATH    Simplified regular expressions for file path
      -u, --username          Your username
      -w, --password          Your password (use only if you really want to)
    Example
      sudo ./ceftracker --console -p "^prog|^test.sh$" -f "^/home/"
Rules for process names
A user can give rules (in simplified regular expressions) for process names to capture. Tracker will collect events from a process that matches one of the specified rules and its descendant processes. A process name is the name of an executable file.
- Windows - A process name includes the file extension of an executable.
- Linux - In the top command, it is shown as a command name. Note that its maximum length is 15. You can run a script as an executable by adding #!/bin/python, etc. in the first line of the script. Without it, its process name is just
- OSX - Similar to Linux, but there is no limitation on the length.
Simplified Regular Expressions
Tracker uses simplified regular expressions, which support the Match-beginning-of-line Operator (^) and the Match-end-of-line Operator ($). For example,
- ^vi matches vi, vim, etc.
- cat$ matches cat, nocat, etc.
- ^test$ matches only test.
- notepad matches notepad, notepad.exe, newnotepad, etc.
The Alternation Operator (|) can be used as follows.
- ^vi|cat$ matches vim, nocat, etc.
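
A rule can be checked against process names before a run with a small matcher like the one below. This is an added example, not Tracker's own code: it assumes every character other than ^, $ and | is literal, and that on Linux the rule is compared against the command name cut to 15 characters; the function names and the platform labels are hypothetical.

```python
LINUX_COMM_MAX = 15  # maximum process-name length on Linux, as stated above


def visible_name(name, platform="linux"):
    """Name a rule is compared with (assumption: Linux cuts it to 15 chars)."""
    return name[:LINUX_COMM_MAX] if platform == "linux" else name


def match_alternative(alt, name):
    """Match one alternative; only a leading ^ and a trailing $ are special."""
    anchored_start = alt.startswith("^")
    body = alt[1:] if anchored_start else alt
    anchored_end = body.endswith("$")
    if anchored_end:
        body = body[:-1]
    if anchored_start and anchored_end:
        return name == body
    if anchored_start:
        return name.startswith(body)
    if anchored_end:
        return name.endswith(body)
    return body in name  # unanchored text matches anywhere in the name


def matches(rule, name, platform="linux"):
    """True if any |-separated alternative matches the visible process name."""
    shown = visible_name(name, platform)
    return any(match_alternative(alt, shown) for alt in rule.split("|"))


def catch_all_alternatives(rule):
    """Alternatives with no literal text: each one matches every process."""
    return [alt for alt in rule.split("|") if alt in ("", "^", "$")]


if __name__ == "__main__":
    rule = "^prog|^test.sh$"  # rule from the usage example above
    # Constructed sample process names.
    for name in ["prog1", "test.sh", "mytest.sh", "my_long_running_script.sh"]:
        print(f"{name!r:30} captured={matches(rule, name)}")
    # A trailing | leaves an empty alternative, so every process is captured.
    print(catch_all_alternatives("^vi|"))
```

A rule ending in $ cannot match a Linux process whose name is longer than 15 characters under this model, because the end of the name is never seen.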