How can I know which files a proccess is accessing?

[Dan Nelson]

In the last episode (Jun 09), Ulrich Spoerlein said:
> Robert Watson wrote:
> > A lot of people have answered and told you about lsof, which is a
> > great tool, and can give you a momentary snapshot of the files a
> > process has open. You might also be interested in getting a log of
> > accesses, which you can do using ktrace(1).  This tracks system
> > calls and you can see what paths are being accessed at time of
> > open.  As of 7.x (and hopefully 6.2 once the MFC happens) you'll
> > also be able to use audit(4) to track access of files by processes.
> 
> Sadly, ktrace(1) seems to be rather useless in RELENG_6 right now.
> Every medium sized app will result in an "out of ktrace objects"
> error. I remember that some improvements to ktrace(1) went into
> -CURRENT. Time for an MFC?

Just raise the kern.ktrace.request_pool sysctl; 4096 works for me.

-- 
	Dan Nelson
	dnelson at allantgroup.com