Unix/Linux Go Back    


NetBSD 6.1.5 - man page for filemon (netbsd section 4)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)


FILEMON(4)			   BSD Kernel Interfaces Manual 		       FILEMON(4)

NAME
     filemon -- track interesting system calls

SYNOPSIS
     #include <filemon.h>

DESCRIPTION
     filemon provides a means for tracking the successful system calls performed by a process.
     It is used by make(1) to track the activities of build scripts, for the purpose of automati-
     cally learning dependencies.

     The data captured by filemon for the script

	   n=`wc -l /etc/motd`; echo "int motd_lines = $n;" > foo.h.new
	   cmp -s foo.h foo.h.new 2> /dev/null || mv foo.h.new foo.h

     looks like:

	   # filemon version 4
	   # Target pid 24291
	   V 4
	   E 29676 /bin/sh
	   R 29676 /etc/ld.so.conf
	   R 29676 /lib/libedit.so.2
	   R 29676 /lib/libtermcap.so.0
	   R 29676 /lib/libc.so.12
	   F 29676 4899
	   E 4899 /usr/bin/wc
	   R 4899 /etc/ld.so.conf
	   R 4899 /usr/lib/libc.so.12
	   R 4899 /etc/motd
	   X 4899 0
	   W 29676 foo.h.new
	   X 29676 0
	   # Bye bye
	   E 3250 /bin/sh
	   R 3250 /etc/ld.so.conf
	   R 3250 /lib/libedit.so.2
	   R 3250 /lib/libtermcap.so.0
	   R 3250 /lib/libc.so.12
	   W 26673 /dev/null
	   E 26673 /usr/bin/cmp
	   R 26673 /etc/ld.so.conf
	   R 26673 /usr/lib/libc.so.12
	   X 26673 2
	   E 576 /bin/mv
	   R 576 /etc/ld.so.conf
	   R 576 /lib/libc.so.12
	   M 576 'foo.h.new' 'foo.h'
	   X 576 0
	   X 3250 0
	   # Bye bye

     Most records follow the format:

	   type pid data

     where type is one of the list below, and unless otherwise specified, data is a pathname.

	   C	   chdir(2).

	   D	   unlink(2).

	   E	   exec(3).

	   F	   fork(2), vfork(2); data is the process id of the child.

	   L	   link(2), symlink(2); data is two pathnames.

	   M	   rename(2); data is two pathnames.

	   R	   open(2) for read or read-write.

	   W	   open(2) for writing or read-write.

	   X	   exit(3); data is the exit status.

	   V	   indicates the version of filemon.

FILES
     /dev/filemon

EXAMPLES
     The following example demonstrates the basic usage of filemon:

	   #include <filemon.h>

	   pid_d pid;
	   int fd, tfd;
	   int status;

	   filemon_fd = open("/dev/filemon", O_RDWR);
	   temp_fd = mkstemp("/tmp/filemon.XXXXXXX");
	   /* give filemon the temp file to use */
	   ioctl(filemon_fd, FILEMON_SET_FD, &temp_fd);
	   /* children do not need these once they exec */
	   fcntl(filemon_fd, F_SETFD, 1);
	   fcntl(temp_fd, F_SETFD, 1);

	   pid = fork();
	   switch(pid) {
	    case -1:
		err(1, "cannot fork");
		break;
	    case 0:
		pid = getpid();
		/* tell filemon to monitor this process */
		ioctl(filemon_fd, FILEMON_SET_PID, &pid);
		execvp(...);
		_exit(1);
		break;
	    default:
		status = wait();
		close(filemon_fd);
		lseek(temp_fd, SEEK_SET, 0);
		/* read the captured syscalls from temp_fd */
		close(temp_fd);
		break;
	   }

     The output of filemon is intended to be simple to parse.  It is possible to achieve almost
     equivalent results with dtrace(1) though on many systems this requires elevated privileges.
     Also, ktrace(1) can capture similar data, but records failed system calls as well as suc-
     cessful, and is thus more complex to post-process.

HISTORY
     filemon was contributed by Juniper Networks.

BSD					September 29, 2011				      BSD
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums


All times are GMT -4. The time now is 09:43 AM.