Date: Fri, 9 Jun 2006 21:07:35 +0200
From: Ulrich Spoerlein <uspoerlein@gmail.com>
To: Robert Watson <rwatson@freebsd.org>
Cc: stable@freebsd.org
Subject: Re: How can I know which files a proccess is accessing?
Message-ID: <20060609190735.GB1037@roadrunner.q.local>
In-Reply-To: <20060607184236.P53690@fledge.watson.org>
References: <d3ea75b30606061339u55efbecemab0d3d0eb9adb636@mail.gmail.com> <20060607184236.P53690@fledge.watson.org>

Robert Watson wrote:
> A lot of people have answered and told you about lsof, which is a great tool, and can give
> you a momentary snapshot of the files a process has open. You might also be interested in
> getting a log of accesses, which you can do using ktrace(1). This tracks system calls and
> you can see what paths are being accessed at time of open. As of 7.x (and hopefully 6.2 once
> the MFC happens) you'll also be able to use audit(4) to track access of files by processes.

Sadly, ktrace(1) seems to be rather useless in RELENG_6 right now. Every medium sized app will result in an "out of ktrace objects" error. I remember that some improvements to ktrace(1) went into -CURRENT. Time for an MFC?

Ulrich Spoerlein
--
PGP Key ID: 20FEE9DD Encrypted mail welcome!
Fingerprint: AEC9 AF5E 01AC 4EE1 8F70 6CBD E76E 2227 20FE E9DD
Which is worse: ignorance or apathy?
Don't know. Don't care.
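
The ktrace(1) approach mentioned in the quoted text, shown as an added example that is not part of the original message: a small parser that turns kdump(1) output into a per-process log of the paths each system call touched and whether the call succeeded. The sample trace is constructed, and the parser assumes one outstanding system call per pid (no threads).

```python
import re
from collections import defaultdict

# Constructed sample in the layout kdump(1) prints after e.g.
# `ktrace -p <pid>` and `kdump -f ktrace.out`: pid, command, record type, data.
SAMPLE_KDUMP = """\
  1037 cat      CALL  open(0xbfbfe8c1,0,0)
  1037 cat      NAMI  "/etc/motd"
  1037 cat      RET   open 3
  1037 cat      CALL  read(0x3,0x8050000,0x1000)
  1037 cat      RET   read 42/0x2a
  1037 cat      CALL  open(0xbfbfe8d0,0,0)
  1037 cat      NAMI  "/root/.secret"
  1037 cat      RET   open -1 errno 13 Permission denied
  1041 sh       CALL  stat(0x8060000,0xbfbfe700)
  1041 sh       NAMI  "/bin/ls"
  1041 sh       RET   stat 0
"""

RECORD = re.compile(r"^\s*(\d+)\s+(\S+)\s+(CALL|NAMI|RET)\s+(.*)$")


def file_accesses(kdump_text):
    """Return {pid: [(syscall, path, succeeded), ...]} from kdump text."""
    pending = {}                  # pid -> (syscall name, paths seen so far)
    result = defaultdict(list)
    for line in kdump_text.splitlines():
        m = RECORD.match(line)
        if not m:
            continue              # other record types (GIO, PSIG, ...) are skipped
        pid, _cmd, kind, data = m.groups()
        pid = int(pid)
        if kind == "CALL":
            pending[pid] = (data.split("(", 1)[0], [])
        elif kind == "NAMI" and pid in pending:
            # NAMI is the path the kernel resolved for the pending call
            pending[pid][1].append(data.strip().strip('"'))
        elif kind == "RET" and pid in pending:
            syscall, paths = pending.pop(pid)
            fields = data.split()
            ok = not (len(fields) > 1 and fields[1] == "-1")
            for path in paths:
                result[pid].append((syscall, path, ok))
    return dict(result)


if __name__ == "__main__":
    for pid, events in file_accesses(SAMPLE_KDUMP).items():
        for syscall, path, ok in events:
            print(pid, syscall, path, "ok" if ok else "FAILED")
```
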
