From owner-freebsd-hackers  Mon Aug  5 12:27:52 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C275A37B400
	for <freebsd-hackers@FreeBSD.ORG>; Mon,  5 Aug 2002 12:27:50 -0700 (PDT)
Received: from cfcl.com (cpe-24-221-169-54.ca.sprintbbd.net [24.221.169.54])
	by mx1.FreeBSD.org (Postfix) with ESMTP id EE52643E6A
	for <freebsd-hackers@FreeBSD.ORG>; Mon,  5 Aug 2002 12:27:49 -0700 (PDT)
	(envelope-from rdm@cfcl.com)
Received: from [192.168.254.205] (cerberus [192.168.254.205])
	by cfcl.com (8.11.6/8.11.1) with ESMTP id g75JRaG40746
	for <freebsd-hackers@FreeBSD.ORG>; Mon, 5 Aug 2002 12:27:36 -0700 (PDT)
	(envelope-from rdm@cfcl.com)
Mime-Version: 1.0
Message-Id: <p05111b55b97481c52abc@[192.168.254.205]>
X-Mailer: Eudora for Macintosh!
Date: Mon, 5 Aug 2002 12:27:46 -0700
To: freebsd-hackers@FreeBSD.ORG
From: Rich Morin <rdm@cfcl.com>
Subject: tracing process and file events
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

I want to set up a FreeBSD system to log some fairly coarse information
on processes and files, as:

   *  process start and stop times, pid, ppid, ...
   *  file opens, closes, unlinks, ...

Looking at ktrace, it seems like I could _almost_ hang it on pid 1 and
stand back.  Unfortunately, the disk would fill up pretty fast and I
might also get into some issues with ktrace tracing itself.

If I could convince ktrace to stop and move to a new output file every
so often (eg, once a minute), I could set up a background task to go
over the output files, boil them down for the desired information, etc.
It appears, however, that most of ktrace's heavy lifting is done in the
kernel.  I'd rather not venture in there, for fear of breaking things.

Can anyone suggest an appropriate way to get this sort of information?

-r
-- 
email: rdm@cfcl.com; phone: +1 650-873-7841
http://www.cfcl.com/rdm    - my home page, resume, etc.
http://www.cfcl.com/Meta   - The FreeBSD Browser, Meta Project, etc.
http://www.ptf.com/dossier - Prime Time Freeware's DOSSIER series
http://www.ptf.com/tdc     - Prime Time Freeware's Darwin Collection

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message