xref: /netbsd-src/external/cddl/dtracetoolkit/dist/Docs/Examples/statsnoop_example.txt (revision c29d51755812ace2e87aeefdb06cb2b4dac7087a) 
1The following is an example of the statsnoop tool.
2
3
4statsnoop is a companion to opensnoop, which traces a variety of stat()
5calls rather than open() calls.
6
7Here I run statsnoop on my idle laptop for about 3 seconds,
8
9   # statsnoop
10     UID    PID COMM          FD PATH
11       0   1485 dtrace         0 /devices/pseudo/pts@0:6
12     100    791 dtwm          -1 /usr/mail/brendan
13     100    791 dtwm          -1 /usr/mail/brendan
14     100    791 dtwm          -1 /usr/mail/brendan
15     100    791 dtwm          -1 /usr/mail/brendan
16     100    795 sdtperfmeter   0 /devices/pseudo/mm@0:null
17       0    803 rpc.rstatd     0 /devices/pseudo/udp@0:udp
18       0    803 rpc.rstatd     0 /devices/pseudo/udp@0:udp
19     100    795 sdtperfmeter   0 /devices/pseudo/mm@0:null
20     100    791 dtwm           0 /export/home/brendan/.dt/Trash/.trashinfo
21     100    791 dtwm           0 /export/home/brendan/.dt/Trash/.trashinfo
22     100    791 dtwm           0 /devices/pseudo/mm@0:null
23     100    783 ttsession      0 /devices/pseudo/pts@0:3
24     100    783 ttsession      0 /devices/pseudo/pts@0:3
25     100    783 ttsession      0 /devices/pseudo/pts@0:3
26     100    791 dtwm           0 /devices/pseudo/mm@0:null
27     100    783 ttsession      0 /devices/pseudo/pts@0:3
28     100    783 ttsession      0 /devices/pseudo/pts@0:3
29     100    791 dtwm           0 /devices/pseudo/mm@0:null
30     100    791 dtwm           0 /devices/pseudo/mm@0:null
31     100    792 dtfile         0 /devices/pseudo/mm@0:null
32     100    783 ttsession      0 /devices/pseudo/pts@0:3
33   ^C
34
35It is interesting what turns up. In the above output, a "dtwm" process
36with process ID 791 called stat on /usr/mail/brendan and received -1 as
37a return value - as this file does not exist. (when were mailboxes ever
38stored in /usr/mail??).
39
40
41statsnoop has a variety of options, as opensnoop does. Here I trace stat()s
42from processes called "bash", while a new bash shell is executed,
43
44   # statsnoop -n bash
45     UID    PID COMM          FD PATH
46     100   1493 bash           0 /usr/bin/bash
47     100   1493 bash           0 /devices/pseudo/pts@0:8
48     100   1493 bash           0 /lib/libcurses.so.1
49     100   1493 bash           0 /lib/libsocket.so.1
50     100   1493 bash           0 /lib/libnsl.so.1
51     100   1493 bash           0 /lib/libdl.so.1
52     100   1493 bash           0 /lib/libc.so.1
53     100   1493 bash           0 /devices/pseudo/pts@0:8
54     100   1493 bash           0 /devices/pseudo/pts@0:8
55     100   1493 bash           0 /export/home/brendan
56     100   1493 bash           0 .
57     100   1493 bash           0 /export/home/brendan/.bashrc
58     100   1493 bash          -1 /usr/mail/brendan
59     100   1493 bash           0 /export/home/brendan/.bash_history
60     100   1493 bash           0 /export/home/brendan/.bash_history
61     100   1493 bash           0 /export/home/brendan/.bash_history
62     100   1493 bash          -1 /export/home/brendan/.inputrc
63     100   1493 bash           0 .
64   ^C
65
66bash also checked /usr/mail/brendan? hmm...
67
68   $ echo $MAIL
69   /usr/mail/brendan
70
71hmmmmm...
72
73   $ cat .profile
74   #       This is the default standard profile provided to a user.
75   #       They are expected to edit it to meet their own needs.
76
77   MAIL=/usr/mail/${LOGNAME:?}
78
79huh?
80
81   $ cat /etc/skel/.profile
82   #       This is the default standard profile provided to a user.
83   #       They are expected to edit it to meet their own needs.
84
85   MAIL=/usr/mail/${LOGNAME:?}
86
87   $ cat /var/sadm/pkg/SUNWcsr/save/pspool/SUNWcsr/reloc/etc/skel/.profile
88   #       This is the default standard profile provided to a user.
89   #       They are expected to edit it to meet their own needs.
90
91   MAIL=/usr/mail/${LOGNAME:?}
92
93oh.
94
95