Diffstat (limited to 'cddl/contrib/dtracetoolkit/Examples/opensnoop_example.txt')
-rw-r--r-- | cddl/contrib/dtracetoolkit/Examples/opensnoop_example.txt | 110 |
1 files changed, 110 insertions, 0 deletions
diff --git a/cddl/contrib/dtracetoolkit/Examples/opensnoop_example.txt b/cddl/contrib/dtracetoolkit/Examples/opensnoop_example.txt
new file mode 100644
index 0000000..329d09b
--- /dev/null
+++ b/cddl/contrib/dtracetoolkit/Examples/opensnoop_example.txt
@@ -0,0 +1,110 @@
+The following are examples of opensnoop. File open events are traced
+along with some process details.
+
+
+This first example is of the default output. The commands "cat", "cal",
+"ls" and "uname" were run. The returned file descriptor (or -1 for error) are
+shown, along with the filenames.
+
+ # ./opensnoop
+ UID PID COMM FD PATH
+ 100 3504 cat -1 /var/ld/ld.config
+ 100 3504 cat 3 /usr/lib/libc.so.1
+ 100 3504 cat 3 /etc/passwd
+ 100 3505 cal -1 /var/ld/ld.config
+ 100 3505 cal 3 /usr/lib/libc.so.1
+ 100 3505 cal 3 /usr/share/lib/zoneinfo/Australia/NSW
+ 100 3506 ls -1 /var/ld/ld.config
+ 100 3506 ls 3 /usr/lib/libc.so.1
+ 100 3507 uname -1 /var/ld/ld.config
+ 100 3507 uname 3 /usr/lib/libc.so.1
+ [...]
+
+
+Full command arguments can be fetched using -g,
+
+ # ./opensnoop -g
+ UID PID PATH FD ARGS
+ 100 3528 /var/ld/ld.config -1 cat /etc/passwd
+ 100 3528 /usr/lib/libc.so.1 3 cat /etc/passwd
+ 100 3528 /etc/passwd 3 cat /etc/passwd
+ 100 3529 /var/ld/ld.config -1 cal
+ 100 3529 /usr/lib/libc.so.1 3 cal
+ 100 3529 /usr/share/lib/zoneinfo/Australia/NSW 3 cal
+ 100 3530 /var/ld/ld.config -1 ls -l
+ 100 3530 /usr/lib/libc.so.1 3 ls -l
+ 100 3530 /var/run/name_service_door 3 ls -l
+ 100 3530 /usr/share/lib/zoneinfo/Australia/NSW 4 ls -l
+ 100 3531 /var/ld/ld.config -1 uname -a
+ 100 3531 /usr/lib/libc.so.1 3 uname -a
+ [...]
+
+
+
+The verbose option prints human readable timestamps,
+
+ # ./opensnoop -v
+ STRTIME UID PID COMM FD PATH
+ 2005 Jan 22 01:22:50 0 23212 df -1 /var/ld/ld.config
+ 2005 Jan 22 01:22:50 0 23212 df 3 /lib/libcmd.so.1
+ 2005 Jan 22 01:22:50 0 23212 df 3 /lib/libc.so.1
+ 2005 Jan 22 01:22:50 0 23212 df 3 /platform/SUNW,Sun-Fire-V210/lib/libc_psr.so.1
+ 2005 Jan 22 01:22:50 0 23212 df 3 /etc/mnttab
+ 2005 Jan 22 01:22:50 0 23211 dtrace 4 /usr/share/lib/zoneinfo/Australia/NSW
+ 2005 Jan 22 01:22:51 0 23213 uname -1 /var/ld/ld.config
+ 2005 Jan 22 01:22:51 0 23213 uname 3 /lib/libc.so.1
+ 2005 Jan 22 01:22:51 0 23213 uname 3 /platform/SUNW,Sun-Fire-V210/lib/libc_psr.so.1
+ [...]
+
+
+
+Particular files can be monitored using -f. For example,
+
+ # ./opensnoop -vgf /etc/passwd
+ STRTIME UID PID PATH FD ARGS
+ 2005 Jan 22 01:28:50 0 23242 /etc/passwd 3 cat /etc/passwd
+ 2005 Jan 22 01:28:54 0 23243 /etc/passwd 4 vi /etc/passwd
+ 2005 Jan 22 01:29:06 0 23244 /etc/passwd 3 passwd brendan
+ [...]
+
+
+
+This example is of opensnoop running on a quiet system. We can see as
+various daemons are opening files,
+
+ # ./opensnoop
+ UID PID COMM FD PATH
+ 0 253 nscd 5 /etc/user_attr
+ 0 253 nscd 5 /etc/hosts
+ 0 419 mibiisa 2 /dev/kstat
+ 0 419 mibiisa 2 /dev/rtls
+ 0 419 mibiisa 2 /dev/kstat
+ 0 419 mibiisa 2 /dev/kstat
+ 0 419 mibiisa 2 /dev/rtls
+ 0 419 mibiisa 2 /dev/kstat
+ 0 253 nscd 5 /etc/user_attr
+ 0 419 mibiisa 2 /dev/kstat
+ 0 419 mibiisa 2 /dev/rtls
+ 0 419 mibiisa 2 /dev/kstat
+ 0 174 in.routed 8 /dev/kstat
+ 0 174 in.routed 8 /dev/kstat
+ 0 174 in.routed 6 /dev/ip
+ 0 419 mibiisa 2 /dev/kstat
+ 0 419 mibiisa 2 /dev/rtls
+ 0 419 mibiisa 2 /dev/kstat
+ 0 293 utmpd 4 /var/adm/utmpx
+ 0 293 utmpd 5 /var/adm/utmpx
+ 0 293 utmpd 6 /proc/442/psinfo
+ 0 293 utmpd 6 /proc/567/psinfo
+ 0 293 utmpd 6 /proc/567/psinfo
+ 0 293 utmpd 6 /proc/567/psinfo
+ 0 293 utmpd 6 /proc/567/psinfo
+ 0 293 utmpd 6 /proc/567/psinfo
+ 0 293 utmpd 6 /proc/567/psinfo
+ 0 293 utmpd 6 /proc/567/psinfo
+ 0 293 utmpd 6 /proc/567/psinfo
+ 0 293 utmpd 6 /proc/3013/psinfo
+ 0 419 mibiisa 2 /dev/kstat
+ 0 419 mibiisa 2 /dev/rtls
+ 0 419 mibiisa 2 /dev/kstat
+ [...] |