Date: Fri, 9 Jun 2006 21:07:35 +0200 From: Ulrich Spoerlein <uspoerlein@gmail.com> To: Robert Watson <rwatson@freebsd.org> Cc: stable@freebsd.org Subject: Re: How can I know which files a proccess is accessing? Message-ID: <20060609190735.GB1037@roadrunner.q.local> In-Reply-To: <20060607184236.P53690@fledge.watson.org> References: <d3ea75b30606061339u55efbecemab0d3d0eb9adb636@mail.gmail.com> <20060607184236.P53690@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--uZ3hkaAS1mZxFaxD Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Robert Watson wrote: > A lot of people have answered and told you about lsof, which is a great t= ool, and can give=20 > you a momentary snapshot of the files a process has open. You might also = be interested in=20 > getting a log of accesses, which you can do using ktrace(1). This tracks= system calls and=20 > you can see what paths are being accessed at time of open. As of 7.x (an= d hopefully 6.2 once=20 > the MFC happens) you'll also be able to use audit(4) to track access of f= iles by processes. Sadly, ktrace(1) seems to be rather useless in RELENG_6 right now. Every medium sized app will result in an "out of ktrace objects" error. I remember that some improvements to ktrace(1) went into -CURRENT. Time for an MFC? Ulrich Spoerlein --=20 PGP Key ID: 20FEE9DD Encrypted mail welcome! Fingerprint: AEC9 AF5E 01AC 4EE1 8F70 6CBD E76E 2227 20FE E9DD Which is worse: ignorance or apathy? Don't know. Don't care. --uZ3hkaAS1mZxFaxD Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD8DBQFEicb3524iJyD+6d0RAoi9AJwKwhZB6+Z3Mc8P/E4yYS6T2qzzvgCfaPtv f7UgWMD6a+m+kw9JTj1SlzQ= =gEs9 -----END PGP SIGNATURE----- --uZ3hkaAS1mZxFaxD--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060609190735.GB1037>