mirror of
https://github.com/Stichting-MINIX-Research-Foundation/netbsd.git
synced 2025-09-10 15:46:33 -04:00
57 lines
1.5 KiB
Plaintext
57 lines
1.5 KiB
Plaintext
.TH filebyproc.d 1m "$Date: 2015/09/30 22:01:09 $" "USER COMMANDS"
|
|
.SH NAME
|
|
filebyproc.d \- snoop opens by process name. Uses DTrace.
|
|
.SH SYNOPSIS
|
|
.B filebyproc.d
|
|
.SH DESCRIPTION
|
|
filebyproc.d is a DTrace OneLiner to print file pathnames as they are
|
|
opened, including the name of the process calling the open.
|
|
A line will be printed regardless of whether the open is actually
|
|
successful or not.
|
|
|
|
This is useful to learn which files applications are attempting to
|
|
open, such as config files, database files, log files, etc.
|
|
|
|
Docs/oneliners.txt and Docs/Examples/oneliners_examples.txt
|
|
in the DTraceToolkit contain this as a oneliner that can be cut-n-paste
|
|
to run.
|
|
|
|
Since this uses DTrace, only the root user or users with the
|
|
dtrace_kernel privilege can run this command.
|
|
.SH OS
|
|
Solaris
|
|
.SH STABILITY
|
|
stable - needs the syscall provider.
|
|
.SH EXAMPLES
|
|
.TP
|
|
This prints new process name and pathnames until Ctrl\-C is hit.
|
|
#
|
|
.B filebyproc.d
|
|
.PP
|
|
.SH FIELDS
|
|
.TP
|
|
CPU
|
|
The CPU that recieved the event
|
|
.TP
|
|
ID
|
|
A DTrace probe ID for the event
|
|
.TP
|
|
FUNCTION:NAME
|
|
The DTrace probe name for the event
|
|
.TP
|
|
remaining fields
|
|
The first is the name of the process, the second is the file pathname.
|
|
.PP
|
|
.SH DOCUMENTATION
|
|
See the DTraceToolkit for further documentation under the
|
|
Docs directory. The DTraceToolkit docs may include full worked
|
|
examples with verbose descriptions explaining the output.
|
|
.SH EXIT
|
|
filebyproc.d will run forever until Ctrl\-C is hit.
|
|
.SH AUTHOR
|
|
Brendan Gregg
|
|
[Sydney, Australia]
|
|
.SH SEE ALSO
|
|
opensnoop(1M), dtrace(1M), truss(1)
|
|
|