 @@ -1,107 +1,104 @@
-.\" $NetBSD: opensnoop.1m,v 1.3 2020/06/25 09:39:19 sevan Exp $
+.\" $NetBSD: opensnoop.1m,v 1.4 2020/06/25 14:59:51 uwe Exp $
 .Dd June 25, 2020
 .Dt OPENSNOOP 1
 .Os
 .Sh NAME
 .Nm opensnoop
 .Nd snoop file opens as they occur. Uses DTrace
 .Sh SYNOPSIS
 .Nm
 .Op Fl a | Fl A | Fl ceghsvxZ
 .Op Fl f Ar pathname
 .Op Fl n Ar name
 .Op Fl p Ar PID
 .Sh DESCRIPTION
 .Nm
 tracks file opens.
 As a process issues a file open, details such as UID, PID and pathname are
 printed out.
-The returned file descriptor is printed, a value of -1 indicates an error.
+The returned file descriptor is printed, a value of \-1 indicates an error.
 This can be useful for troubleshooting to determine if appliacions are
 attempting to open files that do not exist.
 Since this uses DTrace, only the root user or users with the
 dtrace_kernel privilege can run this command.
-.Bl -tag -width Ds
+.Bl -tag -width Fl
 .It Fl a
 print all data
 .It Fl A
 dump all data, space delimited
 .It Fl c
 print current working directory of process
 .It Fl e
 print errno value
 .It Fl g
 print full command arguments
 .It Fl s
 print start time, us
 .It Fl v
 print start time, string
 .It Fl x
 only print failed opens
 .It Fl Z
 print zonename
 .It Fl f Ar pathname
 file pathname to snoop
 .It Fl n Ar name
 process name to snoop
 .It Fl p Ar PID
 process ID to snoop
 .El
-.Bl -column fieldtitle description
+.Bl -column "STRTIME"
 .It Sy Fields Ta Sy Description
-.It ZONE Ta Zone name
+.It ZONE      Ta Zone name
-.It UID	Ta User ID
+.It UID       Ta User ID
-.It PID Ta Process ID
+.It PID       Ta Process ID
-.It PPID Ta Parent Process ID
+.It PPID      Ta Parent Process ID
-.It FD Ta File Descriptor (-1 is error)
+.It FD        Ta File Descriptor
-.It ERR Ta errno value ( see
+.Pq \-1 is error
-.Pa /usr/include/sys/errno.h
+.It ERR       Ta Va errno
 value
-.It CWD Ta current working directory of process
+.Pq see Pa /usr/include/sys/errno.h
-.It PATH Ta pathname for file open
+.It CWD       Ta current working directory of process
-.It COMM Ta command name for the process
+.It PATH      Ta pathname for file open
-.It ARGS Ta argument listing for the process
+.It COMM      Ta command name for the process
-.It TIME Ta timestamp for the open event, us
+.It ARGS      Ta argument listing for the process
-.It STRTIME Ta timestamp for the open event, string
+.It TIME      Ta timestamp for the open event, us
 .It STRTIME   Ta timestamp for the open event, string
 .El
 .Sh EXAMPLES
 Default output, print file opens by process as they occur,
-.Bd -literal -offset indent
+.Pp
-.Ic opensnoop
+.Dl Ic opensnoop
 .Ed
 .Pp
 Print human readable timestamps,
-.Bd -literal -offset indent
+.Pp
-.Ic opensnoop -v
+.Dl Ic opensnoop -v
 .Ed
 .Pp
 See error codes,
-.Bd -literal -offset indent
+.Pp
-.Ic opensnoop -e
+.Dl Ic opensnoop -e
 .Ed
 .Pp
 Snoop this file only,
-.Bd -literal -offset indent
+.Pp
-.Ic opensnoop -f /etc/passwd
+.Dl Ic opensnoop -f /etc/passwd
 .Ed
 .Sh STABILITY
-stable - needs the syscall provider.
+stable \(em needs the syscall provider.
 .Sh DOCUMENTATION
 See the DTraceToolkit for further documentation under the Docs directory.
 The DTraceToolkit docs may include full worked examples with verbose
 descriptions explaining the output.
 .Sh EXIT
-opensnoop will run forever until Ctrl\-C is hit.
+.Nm
 will run forever until Ctrl\-C is hit.
 .Sh SEE ALSO
 .Xr dtrace 1
 .Sh AUTHORS
 .An Brendan Gregg
 [Sydney, Australia]
 .Sh BUGS
 Occasionally the pathname for the file open cannot be read and the following
 error will be seen,
-.Bd -literal -offset indent
+.Pp
-dtrace: error on enabled probe ID 6 (...): invalid address
+.Dl dtrace: error on enabled probe ID 6 (...): invalid address
 .Ed
 .Pp
 this is normal behaviour.