I Would like to capture the process `entry`, `exit` and maintain a log for the entire system (probably a daemon process). One approach was to read `/proc` file system periodically and maintain the list, as I do not see the possibility to register `inotify` for `/proc`. Also, for desktop applications, I could get the help of `dbus`, and whenever client registers to desktop, I can capture. But for non-desktop applications, I don't know how to go ahead apart from reading `/proc` periodically. Kindly provide suggestions.
You're probably going to have to write a kernel module; I don't think you can do this from userspace accurately.