How can I know which files a proccess is accessing?
Ulrich Spoerlein
uspoerlein at gmail.com
Sat Jun 10 17:22:32 UTC 2006
Robert Watson wrote:
> A lot of people have answered and told you about lsof, which is a great tool, and can give
> you a momentary snapshot of the files a process has open. You might also be interested in
> getting a log of accesses, which you can do using ktrace(1). This tracks system calls and
> you can see what paths are being accessed at time of open. As of 7.x (and hopefully 6.2 once
> the MFC happens) you'll also be able to use audit(4) to track access of files by processes.
Sadly, ktrace(1) seems to be rather useless in RELENG_6 right now. Every
medium sized app will result in an "out of ktrace objects" error. I
remember that some improvements to ktrace(1) went into -CURRENT. Time
for an MFC?
Ulrich Spoerlein
--
PGP Key ID: 20FEE9DD Encrypted mail welcome!
Fingerprint: AEC9 AF5E 01AC 4EE1 8F70 6CBD E76E 2227 20FE E9DD
Which is worse: ignorance or apathy?
Don't know. Don't care.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20060610/094f568c/attachment.pgp
More information about the freebsd-stable
mailing list