Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

filemon(4) [freebsd man page]

FILEMON(4)						   BSD Kernel Interfaces Manual 						FILEMON(4)

NAME

     filemon -- the filemon device

SYNOPSIS

     #include <dev/filemon/filemon.h>

DESCRIPTION

     The filemon device allows a process to collect file operations data of its children.  The device /dev/filemon responds to two ioctl(2) calls.

     System calls are denoted using the following single letters:

     'C'     chdir(2)
     'D'     unlink(2)
     'E'     exec(2)
     'F'     fork(2), vfork(2)
     'L'     link(2), linkat(2), symlink(2), symlinkat(2)
     'M'     rename(2)
     'R'     open(2) for read
     'S'     stat(2)
     'W'     open(2) for write
     'X'     _exit(2)

     Note that 'R' following 'W' records can represent a single open(2) for R/W, or two separate open(2) calls, one for 'R' and one for 'W'.  Note
     that only successful system calls are captured.

IOCTLS

     User mode programs communicate with the filemon driver through a number of ioctls which are described below.  Each takes a single argument.

     FILEMON_SET_FD   Write the internal tracing buffer to the supplied open file descriptor.

     FILEMON_SET_PID  Child process ID to trace.

RETURN VALUES

     The ioctl() function returns the value 0 if successful; otherwise the value -1 is returned and the global variable errno is set to indicate
     the error.

FILES

     /dev/filemon

EXAMPLES

     #include <sys/types.h>
     #include <sys/stat.h>
     #include <sys/wait.h>
     #include <sys/ioctl.h>
     #include <dev/filemon/filemon.h>
     #include <fcntl.h>
     #include <err.h>
     #include <unistd.h>

     static void
     open_filemon(void)
     {
	     pid_t child;
	     int fm_fd, fm_log;

	     if ((fm_fd = open("/dev/filemon", O_RDWR | O_CLOEXEC)) == -1)
		     err(1, "open("/dev/filemon", O_RDWR)");
	     if ((fm_log = open("filemon.out",
		 O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC, DEFFILEMODE)) == -1)
		     err(1, "open(filemon.out)");

	     if (ioctl(fm_fd, FILEMON_SET_FD, &fm_log) == -1)
		     err(1, "Cannot set filemon log file descriptor");

	     if ((child = fork()) == 0) {
		     child = getpid();
		     if (ioctl(fm_fd, FILEMON_SET_PID, &child) == -1)
			     err(1, "Cannot set filemon PID");
		     /* Do something here. */
	     } else {
		     wait(&child);
		     close(fm_fd);
	     }
     }

     Creates a file named filemon.out and configures the filemon device to write the filemon buffer contents to it.

SEE ALSO

     dtrace(1), ktrace(1), script(1), truss(1), ioctl(2)

HISTORY

     A filemon device appeared in FreeBSD 9.1.

BSD
								   June 14, 2013							       BSD

Check Out this Related Man Page

SNP(4)                                                     BSD Kernel Interfaces Manual                                                     SNP(4)

NAME

     snp -- tty snoop interface

SYNOPSIS

     #include <sys/snoop.h>

     int
     ioctl(fd, SNPSTTY, &dev);

     int
     ioctl(fd, SNPGTTY, &dev);

     int
     ioctl(fd, FIONREAD, &result);

DESCRIPTION

     /dev/snp is a snoop device which allows users to attach to any tty and watch activities on it.  The kernel must be compiled with device snp,
     or the snp module must be loaded, for these devices to be available.

     To associate a given snp device with a tty to be observed, open the snp device and a tty device, and then issue the SNPSTTY ioctl on snp
     device.  The argument passed to the ioctl(2) is the address of a variable of type int, holding the file descriptor of a tty device.  To
     detach the snp device from a tty use a pointer to a value of -1.

     The SNPGTTY ioctl returns information about the current tty attached to the open snp device.

     The FIONREAD ioctl returns a positive value equal to the number of characters in a read buffer.  Special values defined are:

     SNP_OFLOW     device overflow occurred, device detached.

     SNP_TTYCLOSE  tty not attached.

     SNP_DETACH    snp device has been detached by user or tty device has been closed and detached.

SEE ALSO

     pty(4), sio(4), kldload(8), watch(8)

HISTORY

     The snp device first appeared in FreeBSD 2.1.  In FreeBSD 8.0 the snp driver was rewritten to work with the replaced TTY subsystem.

AUTHORS

     The author of the current implementation is Ed Schouten <ed@FreeBSD.org>.  Previous versions of snp were based on code written by
     Ugen J.S. Antsilevich <ugen@NetVision.net.il>.

BUGS

     This version of snp does not return proper error codes when calling FIONREAD.  It also does not allow SNPSTTY to detach itself from the TTY.

BSD                                                              November 5, 2008                                                              BSD
Man Page