After the first day I have a program that logs all the syscalls of a process and its children. Unlike some other projects here, I'm trying to understand the aggregate behavior of a system (processes communicating and launching each other) rather than the atomic parts (syscalls). So now that I have this stream of juicy data, I want to start extracting some useful insights: What files does each process read and write? What are the dependencies between processes? How long does each process take, and what's the bottleneck? The screenshot shows some syscalls from make running ls, with the syscalls of ls indented. &wtf