How can I know which files a proccess is accessing?
Robert Watson
rwatson at FreeBSD.org
Sat Jun 10 20:06:48 UTC 2006
On Fri, 9 Jun 2006, Ulrich Spoerlein wrote:
> Robert Watson wrote:
>> A lot of people have answered and told you about lsof, which is a great
>> tool, and can give you a momentary snapshot of the files a process has
>> open. You might also be interested in getting a log of accesses, which you
>> can do using ktrace(1). This tracks system calls and you can see what
>> paths are being accessed at time of open. As of 7.x (and hopefully 6.2
>> once the MFC happens) you'll also be able to use audit(4) to track access
>> of files by processes.
>
> Sadly, ktrace(1) seems to be rather useless in RELENG_6 right now. Every
> medium sized app will result in an "out of ktrace objects" error. I remember
> that some improvements to ktrace(1) went into -CURRENT. Time for an MFC?
I fixed this in 7-CURRENT, I'll have to investigate how straight forward an
MFC might be. It does change the kernel thread data structure, so I'll need
to be a bit cautious.
Robert N M Watson
More information about the freebsd-stable
mailing list