thr3ads.net - dtrace discuss - [dtrace-discuss] Dtrace Snooping [Sep 2006]

If this information is useful, please help other people find it:
Share via:

Parthasarathy J

2006-Sep-06 06:16 UTC

[dtrace-discuss] Dtrace Snooping

Dear dtrace Experts,

I have seen some dtrace utilities like opensnoop and execsnoop etc.

 My interest is to write a simple script that can snoop the files which 
 uses the 3 syscalls like open,create,unlink.
 
 I have gone through dtrace oneliners that can do the same :
 
 dtrace -n ''syscall::open*:entry { printf("%s 
%s",execname,copyinstr(arg0));}''
 dtrace -n ''syscall::creat*:entry { printf("%s 
%s",execname,copyinstr(arg0));}''
 dtrace -n ''syscall::unlink*:entry { printf("%s 
%s",execname,copyinstr(arg0));}''
 
 But how to write a single script that can snoop & list the files that 
 uses the above 3 syscalls along with their timestamps .
 
 
 Please do let me know regarding the same.

Thanks,
Partha
 
 
This message posted from opensolaris.org

Surya Prakki

2006-Sep-06 06:33 UTC

head link

[dtrace-discuss] Dtrace Snooping

Put the 3 1-liners into 1 1-liner :-)

dtrace -n ''syscall::open*:entry { printf("%s
%s",execname,copyinstr(arg0)); trace(timestamp);}''  \
  -n ''syscall::creat*:entry { printf("%s 
%s",execname,copyinstr(arg0));
trace(timestamp);}'' \
  -n ''syscall::unlink*:entry { printf("%s 
%s",execname,copyinstr(arg0)); trace(timestamp);}''

HTH.

Parthasarathy J wrote:> Dear dtrace Experts,
> 
> I have seen some dtrace utilities like opensnoop and execsnoop etc.
> 
>  My interest is to write a simple script that can snoop the files which 
>  uses the 3 syscalls like open,create,unlink.
>  
>  I have gone through dtrace oneliners that can do the same :
>  
>  dtrace -n ''syscall::open*:entry { printf("%s 
%s",execname,copyinstr(arg0));}''
>  dtrace -n ''syscall::creat*:entry { printf("%s 
%s",execname,copyinstr(arg0));}''
>  dtrace -n ''syscall::unlink*:entry { printf("%s 
%s",execname,copyinstr(arg0));}''
>  
>  But how to write a single script that can snoop & list the files that 
>  uses the above 3 syscalls along with their timestamps .
>  
>  
>  Please do let me know regarding the same.
> 
> Thanks,
> Partha
>  
>  
> This message posted from opensolaris.org
> _______________________________________________
> dtrace-discuss mailing list
> dtrace-discuss at opensolaris.org
-- 
http://blogs.sun.com/sprakki

Trond Norbye

2006-Sep-06 06:48 UTC

head link

[dtrace-discuss] Re: Dtrace Snooping

> Put the 3 1-liners into 1 1-liner :-)
> 
> dtrace -n ''syscall::open*:entry { printf("%s
> %s",execname,copyinstr(arg0)); trace(timestamp);}''  \
> -n ''syscall::creat*:entry { printf("%s
>   %s",execname,copyinstr(arg0)); 
> ace(timestamp);}'' \
>   -n ''syscall::unlink*:entry { printf("%s 
> ",execname,copyinstr(arg0)); trace(timestamp);}''

And since you use the same block for all of the probes, you could just use:

dtrace -n ''
syscall::open*:entry, syscall::creat*:entry, syscall::unlink*:entry {
  printf("%s  %s",execname,copyinstr(arg0)); trace(timestamp);
}''

Trond
 
 
This message posted from opensolaris.org

Parthasarathy J

2006-Sep-06 07:24 UTC

head link

[dtrace-discuss] Re: Dtrace Snooping

Thanks a lot for helping a newbie in dtrace.
 
 
This message posted from opensolaris.org

Reasonably Related Threads

Search for more reasonably related threads

dtrace discuss - Sep 2006 - Dtrace Snooping

[dtrace-discuss] Dtrace Snooping

[dtrace-discuss] Dtrace Snooping

[dtrace-discuss] Re: Dtrace Snooping

[dtrace-discuss] Re: Dtrace Snooping

Reasonably Related Threads