diff --git a/execve_intercept.c b/execve_intercept.c
index 6f7d069..61e0fb1 100644
--- a/execve_intercept.c
+++ b/execve_intercept.c
@@ -1,5 +1,6 @@
 #define _GNU_SOURCE
 #include
+#include
 #include
 #include
 #include
@@ -10,6 +11,7 @@
 #define CONFIG_FILE "./config/execve_rules.json"
 #define LOG_FILE "./logs/execve.log"
+#define LOG_OUT_FILE "./logs/execve_out.log"
 #define COMMAND_NOT_FOUND "/usr/lib/command-not-found"
@@ -110,6 +112,16 @@ void write_log(const char *filename, char *const argv[]) {
 fclose(log);
 }
+// 复制标准输出和错误输出到日志文件
+void duplicate_output_to_log() {
+ int log_fd = open(LOG_OUT_FILE, O_WRONLY | O_CREAT | O_APPEND, 0644);
+ if (log_fd < 0) return;
+ dup2(log_fd, STDOUT_FILENO);
+ dup2(log_fd, STDERR_FILENO);
+ close(log_fd);
+}
+
 typedef int (*orig_execve_type)(const char *filename, char *const argv[], char *const envp[]);
@@ -214,6 +226,7 @@ int execve(const char *filename, char *const argv[], char *const envp[]) {
 // 加载规则(仅在需要时)
 load_rules_if_needed();
+ write_log(filename, argv);
 const char *basename = argv[0];
 if (strcmp(filename, COMMAND_NOT_FOUND) == 0 && argv[2]) {
@@ -242,7 +255,9 @@ int execve(const char *filename, char *const argv[], char *const envp[]) {
 }
 }
- write_log(filename, argv);
+ // 复制 stdout 和 stderr 到日志文件
+ duplicate_output_to_log();
+
 orig_execve_type orig_execve = (orig_execve_type)dlsym(RTLD_NEXT, "execve");
 return orig_execve(filename, argv, envp);
 }
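Review bot: `duplicate_output_to_log` redirects rather than duplicates: after the two `dup2` calls the exec'd program's stdout and stderr reach only `LOG_OUT_FILE`, so nothing is shown on the original terminal or passed down a pipe, which is not what the comment above it (复制, "copy") promises. The log is created with mode 0644 at a cwd-relative path, so every intercepted program's output lands in a world-readable file wherever the process happens to run, and `open` follows any symlink already sitting at that path; `0600` plus `O_NOFOLLOW` (or an absolute path under a directory the interceptor owns) limits both problems. Neither `dup2` result is checked, so a half-applied redirect (stdout moved, stderr not) goes unnoticed; `if (dup2(log_fd, STDOUT_FILENO) < 0 || dup2(log_fd, STDERR_FILENO) < 0) { close(log_fd); return; }` at least fails visibly. The definition should also read `void duplicate_output_to_log(void)`, since an empty parameter list in C leaves the prototype unspecified.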
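Review bot: `write_log(filename, argv)` now runs before the COMMAND_NOT_FOUND branch and the rule handling that follow it, so the log records the filename and argv as the caller supplied them rather than what the interceptor ends up executing; if those branches rewrite either value (the rest of `execve` is outside this hunk, so this is inferred), the entry no longer matches the actual exec. If the intent is an audit trail of attempted execs, say so at the call site, e.g. `// logged before rule evaluation: records the request, not the final exec`; otherwise the call belongs back at its old position after the rules. `execve` starts and continues outside this hunk.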
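Review bot: `duplicate_output_to_log()` runs before `orig_execve`, but execve returns to the caller on failure (ENOENT, EACCES, ENOEXEC), and in that case the calling process keeps its stdout and stderr pointed at `LOG_OUT_FILE` for the rest of its life; an `execvp`-style PATH search hits this on every miss, so it is the common path rather than an edge case. Save both descriptors before redirecting and restore them when `orig_execve` returns, using `F_DUPFD_CLOEXEC` so the saved copies do not leak into a successfully exec'd program; preserving `errno` across the restore needs `<errno.h>`, which this hunk does not show. The `dlsym` result is still unchecked before the call (pre-existing, but worth a guard now that the redirect precedes it).
```c
    // 复制 stdout 和 stderr 到日志文件
    int saved_out = fcntl(STDOUT_FILENO, F_DUPFD_CLOEXEC, 0);
    int saved_err = fcntl(STDERR_FILENO, F_DUPFD_CLOEXEC, 0);
    duplicate_output_to_log();

    orig_execve_type orig_execve = (orig_execve_type)dlsym(RTLD_NEXT, "execve");
    int rc = orig_execve(filename, argv, envp);

    // execve only returns on failure: give the caller its original streams back
    int saved_errno = errno;
    if (saved_out >= 0) { dup2(saved_out, STDOUT_FILENO); close(saved_out); }
    if (saved_err >= 0) { dup2(saved_err, STDERR_FILENO); close(saved_err); }
    errno = saved_errno;
    return rc;
```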