xref: /netbsd-src/external/cddl/dtracetoolkit/dist/Man/man1m/opensnoop.1m (revision 2680eae4a73e801854fdb29d1afcc6b1e20a8a02) 
1.\" $NetBSD: opensnoop.1m,v 1.5 2020/06/26 15:45:18 wiz Exp $
2.Dd June 25, 2020
3.Dt OPENSNOOP 1
4.Os
5.Sh NAME
6.Nm opensnoop
7.Nd snoop file opens as they occur. Uses DTrace
8.Sh SYNOPSIS
9.Nm
10.Op Fl a | Fl A | Fl ceghsvxZ
11.Op Fl f Ar pathname
12.Op Fl n Ar name
13.Op Fl p Ar PID
14.Sh DESCRIPTION
15.Nm
16tracks file opens.
17As a process issues a file open, details such as UID, PID and pathname are
18printed out.
19The returned file descriptor is printed, a value of \-1 indicates an error.
20This can be useful for troubleshooting to determine if appliacions are
21attempting to open files that do not exist.
22Since this uses DTrace, only the root user or users with the
23dtrace_kernel privilege can run this command.
24.Bl -tag -width Fl
25.It Fl A
26dump all data, space delimited
27.It Fl a
28print all data
29.It Fl c
30print current working directory of process
31.It Fl e
32print errno value
33.It Fl f Ar pathname
34file pathname to snoop
35.It Fl g
36print full command arguments
37.It Fl n Ar name
38process name to snoop
39.It Fl p Ar PID
40process ID to snoop
41.It Fl s
42print start time, us
43.It Fl v
44print start time, string
45.It Fl x
46only print failed opens
47.It Fl Z
48print zonename
49.El
50.Bl -column "STRTIME"
51.It Sy Fields Ta Sy Description
52.It ZONE      Ta Zone name
53.It UID       Ta User ID
54.It PID       Ta Process ID
55.It PPID      Ta Parent Process ID
56.It FD        Ta File Descriptor
57.Pq \-1 is error
58.It ERR       Ta Va errno
59value
60.Pq see Pa /usr/include/sys/errno.h
61.It CWD       Ta current working directory of process
62.It PATH      Ta pathname for file open
63.It COMM      Ta command name for the process
64.It ARGS      Ta argument listing for the process
65.It TIME      Ta timestamp for the open event, us
66.It STRTIME   Ta timestamp for the open event, string
67.El
68.Sh EXAMPLES
69Default output, print file opens by process as they occur,
70.Pp
71.Dl Ic opensnoop
72.Pp
73Print human readable timestamps,
74.Pp
75.Dl Ic opensnoop -v
76.Pp
77See error codes,
78.Pp
79.Dl Ic opensnoop -e
80.Pp
81Snoop this file only,
82.Pp
83.Dl Ic opensnoop -f /etc/passwd
84.Ss STABILITY
85stable \(em needs the syscall provider.
86.Ss DOCUMENTATION
87See the DTraceToolkit for further documentation under the Docs directory.
88The DTraceToolkit docs may include full worked examples with verbose
89descriptions explaining the output.
90.Sh EXIT
91.Nm
92will run forever until Ctrl\-C is hit.
93.Sh SEE ALSO
94.Xr dtrace 1
95.Sh AUTHORS
96.An Brendan Gregg
97[Sydney, Australia]
98.Sh BUGS
99Occasionally the pathname for the file open cannot be read and the following
100error will be seen,
101.Pp
102.Dl dtrace: error on enabled probe ID 6 (...): invalid address
103.Pp
104this is normal behaviour.
105