| @@ -1,107 +1,104 @@ | | | @@ -1,107 +1,104 @@ |
1 | .\" $NetBSD: opensnoop.1m,v 1.3 2020/06/25 09:39:19 sevan Exp $ | | 1 | .\" $NetBSD: opensnoop.1m,v 1.4 2020/06/25 14:59:51 uwe Exp $ |
2 | .Dd June 25, 2020 | | 2 | .Dd June 25, 2020 |
3 | .Dt OPENSNOOP 1 | | 3 | .Dt OPENSNOOP 1 |
4 | .Os | | 4 | .Os |
5 | .Sh NAME | | 5 | .Sh NAME |
6 | .Nm opensnoop | | 6 | .Nm opensnoop |
7 | .Nd snoop file opens as they occur. Uses DTrace | | 7 | .Nd snoop file opens as they occur. Uses DTrace |
8 | .Sh SYNOPSIS | | 8 | .Sh SYNOPSIS |
9 | .Nm | | 9 | .Nm |
10 | .Op Fl a | Fl A | Fl ceghsvxZ | | 10 | .Op Fl a | Fl A | Fl ceghsvxZ |
11 | .Op Fl f Ar pathname | | 11 | .Op Fl f Ar pathname |
12 | .Op Fl n Ar name | | 12 | .Op Fl n Ar name |
13 | .Op Fl p Ar PID | | 13 | .Op Fl p Ar PID |
14 | .Sh DESCRIPTION | | 14 | .Sh DESCRIPTION |
15 | .Nm | | 15 | .Nm |
16 | tracks file opens. | | 16 | tracks file opens. |
17 | As a process issues a file open, details such as UID, PID and pathname are | | 17 | As a process issues a file open, details such as UID, PID and pathname are |
18 | printed out. | | 18 | printed out. |
19 | The returned file descriptor is printed, a value of -1 indicates an error. | | 19 | The returned file descriptor is printed, a value of \-1 indicates an error. |
20 | This can be useful for troubleshooting to determine if appliacions are | | 20 | This can be useful for troubleshooting to determine if appliacions are |
21 | attempting to open files that do not exist. | | 21 | attempting to open files that do not exist. |
22 | Since this uses DTrace, only the root user or users with the | | 22 | Since this uses DTrace, only the root user or users with the |
23 | dtrace_kernel privilege can run this command. | | 23 | dtrace_kernel privilege can run this command. |
24 | .Bl -tag -width Ds | | 24 | .Bl -tag -width Fl |
25 | .It Fl a | | 25 | .It Fl a |
26 | print all data | | 26 | print all data |
27 | .It Fl A | | 27 | .It Fl A |
28 | dump all data, space delimited | | 28 | dump all data, space delimited |
29 | .It Fl c | | 29 | .It Fl c |
30 | print current working directory of process | | 30 | print current working directory of process |
31 | .It Fl e | | 31 | .It Fl e |
32 | print errno value | | 32 | print errno value |
33 | .It Fl g | | 33 | .It Fl g |
34 | print full command arguments | | 34 | print full command arguments |
35 | .It Fl s | | 35 | .It Fl s |
36 | print start time, us | | 36 | print start time, us |
37 | .It Fl v | | 37 | .It Fl v |
38 | print start time, string | | 38 | print start time, string |
39 | .It Fl x | | 39 | .It Fl x |
40 | only print failed opens | | 40 | only print failed opens |
41 | .It Fl Z | | 41 | .It Fl Z |
42 | print zonename | | 42 | print zonename |
43 | .It Fl f Ar pathname | | 43 | .It Fl f Ar pathname |
44 | file pathname to snoop | | 44 | file pathname to snoop |
45 | .It Fl n Ar name | | 45 | .It Fl n Ar name |
46 | process name to snoop | | 46 | process name to snoop |
47 | .It Fl p Ar PID | | 47 | .It Fl p Ar PID |
48 | process ID to snoop | | 48 | process ID to snoop |
49 | .El | | 49 | .El |
50 | .Bl -column fieldtitle description | | 50 | .Bl -column "STRTIME" |
51 | .It Sy Fields Ta Sy Description | | 51 | .It Sy Fields Ta Sy Description |
52 | .It ZONE Ta Zone name | | 52 | .It ZONE Ta Zone name |
53 | .It UID Ta User ID | | 53 | .It UID Ta User ID |
54 | .It PID Ta Process ID | | 54 | .It PID Ta Process ID |
55 | .It PPID Ta Parent Process ID | | 55 | .It PPID Ta Parent Process ID |
56 | .It FD Ta File Descriptor (-1 is error) | | 56 | .It FD Ta File Descriptor |
57 | .It ERR Ta errno value ( see | | 57 | .Pq \-1 is error |
58 | .Pa /usr/include/sys/errno.h | | 58 | .It ERR Ta Va errno |
59 | ) | | 59 | value |
60 | .It CWD Ta current working directory of process | | 60 | .Pq see Pa /usr/include/sys/errno.h |
61 | .It PATH Ta pathname for file open | | 61 | .It CWD Ta current working directory of process |
62 | .It COMM Ta command name for the process | | 62 | .It PATH Ta pathname for file open |
63 | .It ARGS Ta argument listing for the process | | 63 | .It COMM Ta command name for the process |
64 | .It TIME Ta timestamp for the open event, us | | 64 | .It ARGS Ta argument listing for the process |
65 | .It STRTIME Ta timestamp for the open event, string | | 65 | .It TIME Ta timestamp for the open event, us |
| | | 66 | .It STRTIME Ta timestamp for the open event, string |
66 | .El | | 67 | .El |
67 | .Sh EXAMPLES | | 68 | .Sh EXAMPLES |
68 | Default output, print file opens by process as they occur, | | 69 | Default output, print file opens by process as they occur, |
69 | .Bd -literal -offset indent | | 70 | .Pp |
70 | .Ic opensnoop | | 71 | .Dl Ic opensnoop |
71 | .Ed | | | |
72 | .Pp | | 72 | .Pp |
73 | Print human readable timestamps, | | 73 | Print human readable timestamps, |
74 | .Bd -literal -offset indent | | 74 | .Pp |
75 | .Ic opensnoop -v | | 75 | .Dl Ic opensnoop -v |
76 | .Ed | | | |
77 | .Pp | | 76 | .Pp |
78 | See error codes, | | 77 | See error codes, |
79 | .Bd -literal -offset indent | | 78 | .Pp |
80 | .Ic opensnoop -e | | 79 | .Dl Ic opensnoop -e |
81 | .Ed | | | |
82 | .Pp | | 80 | .Pp |
83 | Snoop this file only, | | 81 | Snoop this file only, |
84 | .Bd -literal -offset indent | | 82 | .Pp |
85 | .Ic opensnoop -f /etc/passwd | | 83 | .Dl Ic opensnoop -f /etc/passwd |
86 | .Ed | | | |
87 | .Sh STABILITY | | 84 | .Sh STABILITY |
88 | stable - needs the syscall provider. | | 85 | stable \(em needs the syscall provider. |
89 | .Sh DOCUMENTATION | | 86 | .Sh DOCUMENTATION |
90 | See the DTraceToolkit for further documentation under the Docs directory. | | 87 | See the DTraceToolkit for further documentation under the Docs directory. |
91 | The DTraceToolkit docs may include full worked examples with verbose | | 88 | The DTraceToolkit docs may include full worked examples with verbose |
92 | descriptions explaining the output. | | 89 | descriptions explaining the output. |
93 | .Sh EXIT | | 90 | .Sh EXIT |
94 | opensnoop will run forever until Ctrl\-C is hit. | | 91 | .Nm |
| | | 92 | will run forever until Ctrl\-C is hit. |
95 | .Sh SEE ALSO | | 93 | .Sh SEE ALSO |
96 | .Xr dtrace 1 | | 94 | .Xr dtrace 1 |
97 | .Sh AUTHORS | | 95 | .Sh AUTHORS |
98 | .An Brendan Gregg | | 96 | .An Brendan Gregg |
99 | [Sydney, Australia] | | 97 | [Sydney, Australia] |
100 | .Sh BUGS | | 98 | .Sh BUGS |
101 | Occasionally the pathname for the file open cannot be read and the following | | 99 | Occasionally the pathname for the file open cannot be read and the following |
102 | error will be seen, | | 100 | error will be seen, |
103 | .Bd -literal -offset indent | | 101 | .Pp |
104 | dtrace: error on enabled probe ID 6 (...): invalid address | | 102 | .Dl dtrace: error on enabled probe ID 6 (...): invalid address |
105 | .Ed | | | |
106 | .Pp | | 103 | .Pp |
107 | this is normal behaviour. | | 104 | this is normal behaviour. |