diff options
| author | George V. Neville-Neil <gnn@FreeBSD.org> | 2012-05-12 20:38:18 +0000 |
|---|---|---|
| committer | George V. Neville-Neil <gnn@FreeBSD.org> | 2012-05-12 20:38:18 +0000 |
| commit | 055173dba4a263acf10325a49eebf82915369ed2 (patch) | |
| tree | aec2772e8855e6dbaea6d8136ed0c47bcb825dee /Examples/statsnoop_example.txt | |
| parent | 87c8f7aa3a46118212b99f0d58b18aa93c06b02a (diff) | |
Notes
Diffstat (limited to 'Examples/statsnoop_example.txt')
| -rw-r--r-- | Examples/statsnoop_example.txt | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/Examples/statsnoop_example.txt b/Examples/statsnoop_example.txt new file mode 100644 index 000000000000..842017ea4331 --- /dev/null +++ b/Examples/statsnoop_example.txt @@ -0,0 +1,94 @@ +The following is an example of the statsnoop tool. + + +statsnoop is a companion to opensnoop, which traces a variety of stat() +calls rather than open() calls. + +Here I run statsnoop on my idle laptop for about 3 seconds, + + # statsnoop + UID PID COMM FD PATH + 0 1485 dtrace 0 /devices/pseudo/pts@0:6 + 100 791 dtwm -1 /usr/mail/brendan + 100 791 dtwm -1 /usr/mail/brendan + 100 791 dtwm -1 /usr/mail/brendan + 100 791 dtwm -1 /usr/mail/brendan + 100 795 sdtperfmeter 0 /devices/pseudo/mm@0:null + 0 803 rpc.rstatd 0 /devices/pseudo/udp@0:udp + 0 803 rpc.rstatd 0 /devices/pseudo/udp@0:udp + 100 795 sdtperfmeter 0 /devices/pseudo/mm@0:null + 100 791 dtwm 0 /export/home/brendan/.dt/Trash/.trashinfo + 100 791 dtwm 0 /export/home/brendan/.dt/Trash/.trashinfo + 100 791 dtwm 0 /devices/pseudo/mm@0:null + 100 783 ttsession 0 /devices/pseudo/pts@0:3 + 100 783 ttsession 0 /devices/pseudo/pts@0:3 + 100 783 ttsession 0 /devices/pseudo/pts@0:3 + 100 791 dtwm 0 /devices/pseudo/mm@0:null + 100 783 ttsession 0 /devices/pseudo/pts@0:3 + 100 783 ttsession 0 /devices/pseudo/pts@0:3 + 100 791 dtwm 0 /devices/pseudo/mm@0:null + 100 791 dtwm 0 /devices/pseudo/mm@0:null + 100 792 dtfile 0 /devices/pseudo/mm@0:null + 100 783 ttsession 0 /devices/pseudo/pts@0:3 + ^C + +It is interesting what turns up. In the above output, a "dtwm" process +with process ID 791 called stat on /usr/mail/brendan and received -1 as +a return value - as this file does not exist. (when were mailboxes ever +stored in /usr/mail??). + + +statsnoop has a variety of options, as opensnoop does. Here I trace stat()s +from processes called "bash", while a new bash shell is executed, + + # statsnoop -n bash + UID PID COMM FD PATH + 100 1493 bash 0 /usr/bin/bash + 100 1493 bash 0 /devices/pseudo/pts@0:8 + 100 1493 bash 0 /lib/libcurses.so.1 + 100 1493 bash 0 /lib/libsocket.so.1 + 100 1493 bash 0 /lib/libnsl.so.1 + 100 1493 bash 0 /lib/libdl.so.1 + 100 1493 bash 0 /lib/libc.so.1 + 100 1493 bash 0 /devices/pseudo/pts@0:8 + 100 1493 bash 0 /devices/pseudo/pts@0:8 + 100 1493 bash 0 /export/home/brendan + 100 1493 bash 0 . + 100 1493 bash 0 /export/home/brendan/.bashrc + 100 1493 bash -1 /usr/mail/brendan + 100 1493 bash 0 /export/home/brendan/.bash_history + 100 1493 bash 0 /export/home/brendan/.bash_history + 100 1493 bash 0 /export/home/brendan/.bash_history + 100 1493 bash -1 /export/home/brendan/.inputrc + 100 1493 bash 0 . + ^C + +bash also checked /usr/mail/brendan? hmm... + + $ echo $MAIL + /usr/mail/brendan + +hmmmmm... + + $ cat .profile + # This is the default standard profile provided to a user. + # They are expected to edit it to meet their own needs. + + MAIL=/usr/mail/${LOGNAME:?} + +huh? + + $ cat /etc/skel/.profile + # This is the default standard profile provided to a user. + # They are expected to edit it to meet their own needs. + + MAIL=/usr/mail/${LOGNAME:?} + + $ cat /var/sadm/pkg/SUNWcsr/save/pspool/SUNWcsr/reloc/etc/skel/.profile + # This is the default standard profile provided to a user. + # They are expected to edit it to meet their own needs. + + MAIL=/usr/mail/${LOGNAME:?} + +oh. + |