From owner-freebsd-stable@FreeBSD.ORG Sat Jun 10 17:22:32 2006 Return-Path: X-Original-To: stable@freebsd.org Delivered-To: freebsd-stable@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0CA9416A479 for ; Sat, 10 Jun 2006 17:22:32 +0000 (UTC) (envelope-from uspoerlein@gmail.com) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.185]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9EA8148319 for ; Sat, 10 Jun 2006 13:49:35 +0000 (GMT) (envelope-from uspoerlein@gmail.com) Received: by nf-out-0910.google.com with SMTP id l23so698338nfc for ; Sat, 10 Jun 2006 06:49:34 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:date:from:to:cc:subject:message-id:mail-followup-to:references:mime-version:content-type:content-disposition:in-reply-to; b=Tf5bX/T0gtnQhHJMXUbWd5tpQi/p+O4tduVg5l6TDCdFCHnNXLkMJSoR7GRYaCNSBanIRnwJO/h2DvT2xvMc7e1mE1XPNdMzSyl+ITX9oewYZCAIEVi43AnimdSFy/+xHIzZz4QANDClymmIFpmliSatAAmKYJr3zc5ycnffLuk= Received: by 10.49.3.16 with SMTP id f16mr3261832nfi; Sat, 10 Jun 2006 06:49:34 -0700 (PDT) Received: from roadrunner.q.local ( [84.149.91.18]) by mx.gmail.com with ESMTP id a23sm4431474nfc.2006.06.10.06.49.33; Sat, 10 Jun 2006 06:49:33 -0700 (PDT) Received: from roadrunner.q.local (localhost [127.0.0.1]) by roadrunner.q.local (8.13.6/8.13.6) with ESMTP id k5ADndmG004534; Sat, 10 Jun 2006 15:49:39 +0200 (CEST) (envelope-from uspoerlein@gmail.com) Received: (from q@localhost) by roadrunner.q.local (8.13.6/8.13.6/Submit) id k59J7Zdi004133; Fri, 9 Jun 2006 21:07:35 +0200 (CEST) (envelope-from uspoerlein@gmail.com) Date: Fri, 9 Jun 2006 21:07:35 +0200 From: Ulrich Spoerlein To: Robert Watson Message-ID: <20060609190735.GB1037@roadrunner.q.local> Mail-Followup-To: Robert Watson , stable@freebsd.org References: <20060607184236.P53690@fledge.watson.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="uZ3hkaAS1mZxFaxD" Content-Disposition: inline In-Reply-To: <20060607184236.P53690@fledge.watson.org> Cc: stable@freebsd.org Subject: Re: How can I know which files a proccess is accessing? X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 10 Jun 2006 17:22:32 -0000 --uZ3hkaAS1mZxFaxD Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Robert Watson wrote: > A lot of people have answered and told you about lsof, which is a great t= ool, and can give=20 > you a momentary snapshot of the files a process has open. You might also = be interested in=20 > getting a log of accesses, which you can do using ktrace(1). This tracks= system calls and=20 > you can see what paths are being accessed at time of open. As of 7.x (an= d hopefully 6.2 once=20 > the MFC happens) you'll also be able to use audit(4) to track access of f= iles by processes. Sadly, ktrace(1) seems to be rather useless in RELENG_6 right now. Every medium sized app will result in an "out of ktrace objects" error. I remember that some improvements to ktrace(1) went into -CURRENT. Time for an MFC? Ulrich Spoerlein --=20 PGP Key ID: 20FEE9DD Encrypted mail welcome! Fingerprint: AEC9 AF5E 01AC 4EE1 8F70 6CBD E76E 2227 20FE E9DD Which is worse: ignorance or apathy? Don't know. Don't care. --uZ3hkaAS1mZxFaxD Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD8DBQFEicb3524iJyD+6d0RAoi9AJwKwhZB6+Z3Mc8P/E4yYS6T2qzzvgCfaPtv f7UgWMD6a+m+kw9JTj1SlzQ= =gEs9 -----END PGP SIGNATURE----- --uZ3hkaAS1mZxFaxD--