Date: Sat, 10 Jun 2006 14:06:50 -0500 From: Dan Nelson <dnelson@allantgroup.com> To: Robert Watson <rwatson@FreeBSD.org>, stable@FreeBSD.org Subject: Re: How can I know which files a proccess is accessing? Message-ID: <20060610190650.GA10770@dan.emsphone.com> In-Reply-To: <20060609190735.GB1037@roadrunner.q.local> References: <d3ea75b30606061339u55efbecemab0d3d0eb9adb636@mail.gmail.com> <20060607184236.P53690@fledge.watson.org> <20060609190735.GB1037@roadrunner.q.local>
next in thread | previous in thread | raw e-mail | index | archive | help
In the last episode (Jun 09), Ulrich Spoerlein said: > Robert Watson wrote: > > A lot of people have answered and told you about lsof, which is a > > great tool, and can give you a momentary snapshot of the files a > > process has open. You might also be interested in getting a log of > > accesses, which you can do using ktrace(1). This tracks system > > calls and you can see what paths are being accessed at time of > > open. As of 7.x (and hopefully 6.2 once the MFC happens) you'll > > also be able to use audit(4) to track access of files by processes. > > Sadly, ktrace(1) seems to be rather useless in RELENG_6 right now. > Every medium sized app will result in an "out of ktrace objects" > error. I remember that some improvements to ktrace(1) went into > -CURRENT. Time for an MFC? Just raise the kern.ktrace.request_pool sysctl; 4096 works for me. -- Dan Nelson dnelson@allantgroup.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060610190650.GA10770>