Real-Time Monitoring of Interactive Processes in Containerized Environments
2025 (English). Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits
Student thesis
Alternative title: Realtidsövervakning av interaktiva processer i containeriserade miljöer (Swedish)
Abstract [en]
As container technology has become a central part of modern IT infrastructure, the need for efficient log management and security monitoring has increased. Containers offer flexibility and performance advantages over traditional virtual machines, but they introduce new security challenges, particularly the lack of visibility into, and monitoring of, the processes that run inside them.
This thesis presents a real-time monitoring solution that tracks and logs interactive processes inside Docker containers. A monitoring framework was developed that detects container events, locates the active container processes and attaches to them with strace, a system call tracer. The collected trace data is filtered to extract the relevant command executions and exported to Elasticsearch for indexing and storage; the indexed data is then structured and visualized in Kibana, which simplifies analysis of container activity. Process filtering suppresses redundant entries and limits unnecessary data collection, and the implementation combines automated container event detection, multithreading and selective data capture to keep overhead low.

The monitor operates stealthily with respect to the traced containers, so the monitored workloads are not alerted to its presence. This matters because monitoring must not influence container behaviour: a process that learns it is being traced may alter its execution pattern, suppress specific actions or attempt to evade detection altogether. By remaining undetected, the system records activity in its natural state, which allows accurate interaction analysis and anomaly detection without interference. Resource usage is managed carefully so that detailed tracking of interactive processes does not impose excessive overhead.
By tackling key challenges in container observability, this work enhances security monitoring by demonstrating how system call tracing can provide deeper visibility without disrupting normal operations. The proposed approach offers a structured method for monitoring containerized processes while preserving efficiency and stealth.
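The pipeline the abstract describes, as an added example that is not the thesis's own code: a host-side monitor resolves a container's init PID with docker inspect, attaches strace to it with fork-following, keeps only execve/execveat events (including the split "unfinished/resumed" lines strace emits under -f), applies a basename filter, and emits Elasticsearch bulk documents with Elastic Common Schema field names. The command lines, the index name, the ignore filter and the sample trace are this example's assumptions.

```python
"""Added example (not the thesis's code): strace-based exec monitoring of a
Docker container, filtered and shaped into Elasticsearch bulk documents."""
import datetime as dt
import json
import posixpath
import re
import shlex
import subprocess
import sys
from typing import Iterable, Iterator

# Host-side commands (assumed). `docker events` streams container starts,
# `docker inspect` gives the container's init PID as seen from the host, and
# `strace -f -p` attaches to it and every descendant, so no agent is
# installed inside the container.
DOCKER_EVENTS = ["docker", "events", "--filter", "type=container",
                 "--filter", "event=start", "--format", "{{.ID}}"]

def docker_init_pid(container_id: str) -> int:
    out = subprocess.check_output(
        ["docker", "inspect", "--format", "{{.State.Pid}}", container_id], text=True)
    return int(out.strip())

def strace_argv(pid: int) -> list[str]:
    # -ttt: epoch timestamps; -s 256: longer string dumps; exec calls only
    return ["strace", "-f", "-ttt", "-s", "256",
            "-e", "trace=execve,execveat", "-p", str(pid)]

# strace -f line: "<pid> <epoch> execve(<args>) = <ret> [ERRNO (text)]".
# A call interrupted by another task is printed as "... <unfinished ...>"
# and completed later by "<... execve resumed>) = <ret>".
LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<ts>\d+\.\d+)\s+(?P<rest>.*)$")
CALL_RE = re.compile(r"^(?P<call>execve|execveat)\((?P<args>.*)$")
RET_RE = re.compile(r"\)\s*=\s*(?P<ret>-?\d+)(?:\s+(?P<err>E[A-Z]+))?")
ARGV_RE = re.compile(r"\[(?P<argv>.*?)\],\s*0x[0-9a-f]+")   # argv array before envp ptr
STR_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')                  # one strace-quoted string

def _unescape(s: str) -> str:
    return s.encode("ascii", "backslashreplace").decode("unicode_escape")

def _doc(container_id, pid, ts, call, path, argv, ret, err) -> dict:
    doc = {  # Elastic Common Schema field names
        "@timestamp": dt.datetime.fromtimestamp(ts, dt.timezone.utc).isoformat(),
        "container": {"id": container_id},
        "process": {"pid": pid, "executable": path, "args": argv,
                    "command_line": shlex.join(argv)},
        "event": {"action": call, "outcome": "success" if ret == 0 else "failure"},
    }
    if err:
        doc["error"] = {"code": err}
    return doc

def parse_trace(lines: Iterable[str], container_id: str,
                ignore: frozenset = frozenset()) -> Iterator[dict]:
    """Yield one document per completed exec call, dropping basenames in `ignore`."""
    pending: dict[int, tuple[float, str, str]] = {}   # pid -> (ts, call, args)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        pid, ts, rest = int(m["pid"]), float(m["ts"]), m["rest"]
        if rest.startswith("<... exec"):           # resumed half of a split call
            if pid not in pending:
                continue
            ts, call, args = pending.pop(pid)
            tail = rest
        else:
            c = CALL_RE.match(rest)
            if not c:
                continue
            call, args = c["call"], c["args"]
            if args.endswith("<unfinished ...>"):   # wait for the resumed half
                pending[pid] = (ts, call, args)
                continue
            tail = args
        rets = list(RET_RE.finditer(tail))          # last "= N" is the return value
        pm = STR_RE.search(args.split("[", 1)[0])   # pathname precedes the argv array
        am = ARGV_RE.search(args)
        if not (rets and pm and am):
            continue
        path = _unescape(pm.group(1))
        argv = [_unescape(a) for a in STR_RE.findall(am["argv"])]
        if posixpath.basename(path) in ignore:      # process filter: drop noise
            continue
        yield _doc(container_id, pid, ts, call, path, argv,
                   int(rets[-1]["ret"]), rets[-1]["err"])

def to_bulk(docs: Iterable[dict], index: str = "container-exec") -> str:
    """NDJSON body for POST /_bulk (assumed index name)."""
    out = []
    for d in docs:
        out.append(json.dumps({"index": {"_index": index}}))
        out.append(json.dumps(d))
    return "\n".join(out) + "\n"

# Constructed sample strace output for an interactive shell in a container.
SAMPLE = """\
4211 1712345678.100000 execve("/bin/sh", ["sh", "-c", "id; cat /etc/passwd; curl -s http://169.254.169.254/"], 0x7ffd2a1b3c40 /* 12 vars */) = 0
4212 1712345678.150000 execve("/usr/bin/id", ["id"], 0x55d1c0a8b2e0 /* 12 vars */) = 0
4213 1712345678.200000 execve("/usr/bin/cat", ["cat", "/etc/passwd"], 0x55d1c0a8b2e0 /* 12 vars */ <unfinished ...>
4211 1712345678.201000 execve("/usr/bin/curl", ["curl", "-s", "http://169.254.169.254/"], 0x55d1c0a8b2e0 /* 12 vars */) = -1 ENOENT (No such file or directory)
4213 1712345678.202000 <... execve resumed>) = 0
4214 1712345678.300000 execveat(AT_FDCWD, "/usr/bin/ls", ["ls", "-la"], 0x55d1c0a8b2e0 /* 12 vars */, 0) = 0
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:   # live mode: needs root or CAP_SYS_PTRACE on the host
        cid = sys.argv[1]
        proc = subprocess.Popen(strace_argv(docker_init_pid(cid)),
                                stderr=subprocess.PIPE, text=True)
        lines = proc.stderr  # strace writes its trace to stderr
    else:
        cid, lines = "3f9c1e2d7a4b", SAMPLE.splitlines()
    print(to_bulk(parse_trace(lines, cid)), end="")
```

Two practical points the abstract's stealth claim rests on: the tracer lives in the host PID namespace, so /proc/<pid>/status read from inside the container reports TracerPid 0, but a tracee can still infer a tracer indirectly, since ptrace(PTRACE_TRACEME) fails with EPERM while another tracer is attached and every traced syscall incurs a ptrace stop, which is the per-call latency the abstract's selective capture is meant to bound. Failed execs (the ENOENT curl above) are kept rather than filtered, because probing for tools that are absent is itself a useful signal.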
Place, publisher, year, edition, pages
2025.
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:kau:diva-104112
OAI: oai:DiVA.org:kau-104112
DiVA id: diva2:1955213
Subject / course
Computer Science
Educational program
Engineering: Computer Engineering (300 ECTS credits)
Presentation
2025-04-14, 15:00 (English)
Available from: 2025-04-30. Created: 2025-04-29. Last updated: 2025-04-30. Bibliographically approved.