GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
opensnoop(1m) opensnoop(1m)

opensnoop - snoop file opens as they occur. Uses DTrace.

opensnoop [-a|-A|-ceghsvxZ] [-f pathname] [-n name] [-p PID]

opensnoop tracks file opens. As a process issues a file open, details such as UID, PID and pathname are printed out.
The returned file descriptor is printed, a value of -1 indicates an error. This can be useful for troubleshooting to determine if appliacions are attempting to open files that do not exist.
Since this uses DTrace, only the root user or users with the dtrace_kernel privilege can run this command.

Solaris

stable - needs the syscall provider.

-a
print all data
-A
dump all data, space delimited
-c
print current working directory of process
-e
print errno value
-g
print full command arguments
-s
print start time, us
-v
print start time, string
-x
only print failed opens
-Z
print zonename
-f pathname
file pathname to snoop
-n name
process name to snoop
-p PID
process ID to snoop

Default output, print file opens by process as they occur,
# opensnoop
Print human readable timestamps,
# opensnoop -v
See error codes,
# opensnoop -e
Snoop this file only,
# opensnoop -f /etc/passwd

ZONE
Zone name
UID
User ID
PID
Process ID
PPID
Parent Process ID
FD
File Descriptor (-1 is error)
ERR
errno value (see /usr/include/sys/errno.h)
CWD
current working directory of process
PATH
pathname for file open
COMM
command name for the process
ARGS
argument listing for the process
TIME
timestamp for the open event, us
STRTIME
timestamp for the open event, string

See the DTraceToolkit for further documentation under the Docs directory. The DTraceToolkit docs may include full worked examples with verbose descriptions explaining the output.

opensnoop will run forever until Ctrl-C is hit.

occasionally the pathname for the file open cannot be read and the following error will be seen,
dtrace: error on enabled probe ID 6 (...): invalid address
this is normal behaviour.

Brendan Gregg [Sydney, Australia]

dtrace(1M), truss(1)
$Date:: 2007-08-05 #$ USER COMMANDS

Search for    or go to Top of page |  Section other |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.