Date: Sat, 10 Jun 2006 18:25:01 +0100 (BST)
From: Robert Watson <rwatson@FreeBSD.org>
To: Ulrich Spoerlein <uspoerlein@gmail.com>
Cc: stable@freebsd.org
Subject: Re: How can I know which files a proccess is accessing?
Message-ID: <20060610182415.M80521@fledge.watson.org>
In-Reply-To: <20060609190735.GB1037@roadrunner.q.local>
References: <d3ea75b30606061339u55efbecemab0d3d0eb9adb636@mail.gmail.com> <20060607184236.P53690@fledge.watson.org> <20060609190735.GB1037@roadrunner.q.local>

On Fri, 9 Jun 2006, Ulrich Spoerlein wrote:

> Robert Watson wrote:
>> A lot of people have answered and told you about lsof, which is a great
>> tool, and can give you a momentary snapshot of the files a process has
>> open. You might also be interested in getting a log of accesses, which you
>> can do using ktrace(1). This tracks system calls and you can see what
>> paths are being accessed at time of open. As of 7.x (and hopefully 6.2
>> once the MFC happens) you'll also be able to use audit(4) to track access
>> of files by processes.
>
> Sadly, ktrace(1) seems to be rather useless in RELENG_6 right now. Every
> medium sized app will result in an "out of ktrace objects" error. I remember
> that some improvements to ktrace(1) went into -CURRENT. Time for an MFC?

I fixed this in 7-CURRENT, I'll have to investigate how straightforward an MFC
might be. It does change the kernel thread data structure, so I'll need to be
a bit cautious.

Robert N M Watson