diff options
Diffstat (limited to 'cddl/contrib/dtracetoolkit/Man/man1m/execsnoop.1m')
-rw-r--r-- | cddl/contrib/dtracetoolkit/Man/man1m/execsnoop.1m | 108 |
1 files changed, 108 insertions, 0 deletions
diff --git a/cddl/contrib/dtracetoolkit/Man/man1m/execsnoop.1m b/cddl/contrib/dtracetoolkit/Man/man1m/execsnoop.1m new file mode 100644 index 0000000..a7114ce --- /dev/null +++ b/cddl/contrib/dtracetoolkit/Man/man1m/execsnoop.1m @@ -0,0 +1,108 @@ +.TH execsnoop 1m "$Date:: 2007-08-05 #$" "USER COMMANDS" +.SH NAME +execsnoop \- snoop new process execution. Uses DTrace. +.SH SYNOPSIS +.B execsnoop +[\-a|\-A|\-ejhsvZ] [\-c command] +.SH DESCRIPTION +execsnoop prints details of new processes as they are executed. +Details such as UID, PID and argument listing are printed out. + +This program is very useful to examine short lived processes that would +not normally appear in a prstat or "ps -ef" listing. Sometimes +applications will run hundreds of short lived processes in their +normal startup cycle, a behaviour that is easily monitored with execsnoop. + +Since this uses DTrace, only the root user or users with the +dtrace_kernel privilege can run this command. +.SH OS +Solaris +.SH STABILITY +stable - needs the syscall provider. +.SH OPTIONS +.TP +\-a +print all data +.TP +\-A +dump all data, space delimited +.TP +\-e +safe output, parseable. This prevents the ARGS field containing "\\n"s, +to assist postprocessing. +.TP +\-j +print project ID +.TP +\-s +print start time, us +.TP +\-v +print start time, string +.TP +\-Z +print zonename +.TP +\-c command +command name to snoop +.SH EXAMPLES +.TP +Default output, print processes as they are executed, +# +.B execsnoop +.TP +Print human readable timestamps, +# +.B execsnoop +\-v +.TP +Print zonename, +# +.B execsnoop +\-Z +.TP +Snoop this command only, +# +.B execsnoop +\-f ls +.PP +.SH FIELDS +.TP +UID +User ID +.TP +PID +Process ID +.TP +PPID +Parent Process ID +.TP +COMM +command name for the process +.TP +ARGS +argument listing for the process +.TP +ZONE +zonename +.TP +PROJ +project ID +.TP +TIME +timestamp for the exec event, us +.TP +STRTIME +timestamp for the exec event, string +.SH DOCUMENTATION +See the DTraceToolkit for further documentation under the +Docs directory. The DTraceToolkit docs may include full worked +examples with verbose descriptions explaining the output. +.SH EXIT +execsnoop will run forever until Ctrl\-C is hit. +.SH AUTHOR +Brendan Gregg +[Sydney, Australia] +.SH SEE ALSO +dtrace(1M), truss(1) + |