Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
opensnoop(1m)							 opensnoop(1m)

NAME
       opensnoop - snoop file opens as they occur. Uses	DTrace.

SYNOPSIS
       opensnoop [-a|-A|-ceghsvxZ] [-f pathname] [-n name] [-p PID]

DESCRIPTION
       opensnoop  tracks  file opens. As a process issues a file open, details
       such as UID, PID	and pathname are printed out.

       The returned file descriptor is printed,	a value	of -1 indicates	an er-
       ror. This can be	useful for troubleshooting to determine	if appliacions
       are attempting to open files that do not	exist.

       Since  this  uses  DTrace,  only	 the  root  user  or  users  with  the
       dtrace_kernel privilege can run this command.

OS
       Solaris

STABILITY
       stable -	needs the syscall provider.

OPTIONS
       -a     print all	data

       -A     dump all data, space delimited

       -c     print current working directory of process

       -e     print errno value

       -g     print full command arguments

       -s     print start time,	us

       -v     print start time,	string

       -x     only print failed	opens

       -Z     print zonename

       -f pathname
	      file pathname to snoop

       -n name
	      process name to snoop

       -p PID process ID to snoop

EXAMPLES
       Default output, print file opens	by process as they occur,
	      #	opensnoop

       Print human readable timestamps,
	      #	opensnoop -v

       See error codes,
	      #	opensnoop -e

       Snoop this file only,
	      #	opensnoop -f /etc/passwd

FIELDS
       ZONE   Zone name

       UID    User ID

       PID    Process ID

       PPID   Parent Process ID

       FD     File Descriptor (-1 is error)

       ERR    errno value (see /usr/include/sys/errno.h)

       CWD    current working directory	of process

       PATH   pathname for file	open

       COMM   command name for the process

       ARGS   argument listing for the process

       TIME   timestamp	for the	open event, us

       STRTIME
	      timestamp	for the	open event, string

DOCUMENTATION
       See  the	 DTraceToolkit for further documentation under the Docs	direc-
       tory. The DTraceToolkit docs may	include	full worked examples with ver-
       bose descriptions explaining the	output.

EXIT
       opensnoop will run forever until	Ctrl-C is hit.

BUGS
       occasionally the	pathname for the file open cannot be read and the fol-
       lowing error will be seen,

       dtrace: error on	enabled	probe ID 6 (...): invalid address

       this is normal behaviour.

AUTHOR
       Brendan Gregg [Sydney, Australia]

SEE ALSO
       dtrace(1M), truss(1)

USER COMMANDS		     $Date:: 2007-08-05	#$		 opensnoop(1m)

NAME | SYNOPSIS | DESCRIPTION | OS | STABILITY | OPTIONS | EXAMPLES | FIELDS | DOCUMENTATION | EXIT | BUGS | AUTHOR | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=opensnoop&sektion=1&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help