Date: Sun, 1 Mar 2015 10:24:20 -0800 From: David Roundy <roundyd@physics.oregonstate.edu> To: freebsd-questions@freebsd.org Subject: using ktrace to track files modified Message-ID: <CABVG1pDHi482JqdARtmuREwLhHfYMSOL_D-wioQ=e6uro5i%2B5A@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hi all, I was wondering if it is possible to use ktrace to reliably track the files modified by a given command. I don't see how it can be used to do this, but that may be because I do not understand the output of kdump. In particular, I don't see how to interpret the arguments to the "at" versions of syscalls, openat, renameat,etc, which require met to know the meaning of the given directory file descriptors. I suppose one could maybe achieve this by tracking when those directories were opened, but this sounds fragile. Can anyone tell me if there is a good solution to using ktrace/kdump to monitor the file system usage of a command? David
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CABVG1pDHi482JqdARtmuREwLhHfYMSOL_D-wioQ=e6uro5i%2B5A>