search for: execsnoop

Displaying 6 results from an estimated 6 matches for "execsnoop".

2006 Nov 15
2
problem with dtrace toolkit
I tried some of the scripts in the toolkit (opensnoop, execsnoop, dtruss), and I keep seeing errors like this: dtrace: error on enabled probe ID 3 (ID 113: syscall::exece:return): invalid kernel access in action #5 at DIF offset 0 Anyone know what could be the problem? TIA This message posted from opensolaris.org
2006 Sep 06
3
Dtrace Snooping
Dear dtrace Experts, I have seen some dtrace utilities like opensnoop and execsnoop etc. My interest is to write a simple script that can snoop the files which uses the 3 syscalls like open,create,unlink. I have gone through dtrace oneliners that can do the same : dtrace -n ''syscall::open*:entry { printf("%s %s",execname,copyinstr(arg0));}''...
2007 Jan 10
0
[DTrace] Loose ends
G''Day Folks, I''ve rewritten execsnoop, opensnoop and shellsnoop so that they are wrapped in the Bourne shell to provide command line options (they have all lost their ".d" extensions, but the old versions are still online). They are rather more meaningful tools now. (Eg, I can run shellsnoop with "-qp PID" with the...
2005 Nov 18
6
expected system load from DTrace scripts/probes
Does anyone out there have any thoughts on the type of load common DTrace scripts would cause on a system if run 24x7? I know "common DTrace scripts" and their underlining probe calls a vague statement. So for the lack of a common and establish set of scripts in the OS, I''ll use the most popular right for my question...the DTraceToolkit from Brendan Gregg. Which by the
2005 Nov 29
2
Dtrace - Macros $1, $2, etc...
Unless I am missing something I cannot find a way to do a condtional check and handle it when a dtrace script is written with macros $1, $2 being passed to it, etc... In other words I have a dtrace script that can have parameters passed to it. Lets say $1 and $2 for example. I am trying to verity that there is or is not a value for $1 or $2 and adjust accordingly. I am finding that if use macros
2006 Nov 29
7
how to debug context switching and mutex contentions?
I''m looking for a suggestion on a good way to hunt down the source of high context switching and mutex contentions... Is dtrace the way to go now, or should I stick with something like lockstat? Russ This is a 5 second interval for mpstat: CPU minf mjf xcal intr ithr csw icsw migr smtx srw syscl usr sys wt idl 16 0 0 1115 1241 206 9095 912 2420 7393 0 12105 68 25