With bpftrace
on Linux, it's quite simple to monitor when a specific binary is run, and to print it's args and the environment variables passed to it.
This can be done with the following bpftrace
"program":
tracepoint:syscalls:sys_enter_execve
/str(args->filename) == "/etc/network/if-up.d/resolved" /
{
printf("%s %s\n", comm, str(args->filename));
join(args->argv);
join(args->envp, "\n");
}
which you can run as follows: bpftrace resolved_trace.bt