A method of monitoring computer system calls by determining the system calls to be monitored. Then, determining data to be recorded for each system call. Then, creating a configuration file that includes the system calls and associated data. Then, modifying a system call table in a computer operating system to replace pointers to routines that correspond to system calls with pointers to a user-definable routine. If a system call occurs in a computer program then jumping to the user-definable routine, which reads the configuration file, jumps to a system call routine to execute the system call, returns to the user-definable routine with data produced by the system call routine, and records any returned data that is in the configuration file for that system call. Then, monitoring the computer program for other system calls.