rwsnoop(1m) USER COMMANDS rwsnoop(1m)NAME
rwsnoop - snoop read/write events. Uses DTrace.
SYNOPSIS
rwsnoop [-jPtvZ] [-n name] [-p PID]
DESCRIPTION
This is measuring reads and writes at the application level. This matches the syscalls read, write, pread and pwrite.
Since this uses DTrace, only users with root privileges can run this command.
OPTIONS -j print project ID
-P print parent process ID
-t print timestamp, us
-v print time, string
-Z print zone ID
-n name
process name to track
-p PID PID to track
EXAMPLES
Default output,
# rwsnoop
Print zone ID,
# rwsnoop -.Monitor processes named "bash", # rwsnoop -n bash
FIELDS
TIME timestamp, us
TIMESTR
time, string
ZONE zone ID
PROJ project ID
UID user ID
PID process ID
PPID parent process ID
CMD command name for the process
D direction, Read or Write
BYTES total bytes during sample
FILE filename, if file based. Reads and writes that are not file based, for example with sockets, will print "<unknown>" as the file-
name.
DOCUMENTATION
See the DTraceToolkit for further documentation under the Docs directory. The DTraceToolkit docs may include full worked examples with ver-
bose descriptions explaining the output.
EXIT
rwsnoop will run forever until Ctrl-C is hit.
AUTHOR
Brendan Gregg [Sydney, Australia]
SEE ALSO rwtop(1M), dtrace(1M)version 0.70 Jul 24, 2005 rwsnoop(1m)
Check Out this Related Man Page
execsnoop(1m) USER COMMANDS execsnoop(1m)NAME
execsnoop - snoop new process execution. Uses DTrace.
SYNOPSIS
execsnoop [-a|-A|-ejhsvZ] [-c command]
DESCRIPTION
execsnoop prints details of new processes as they are executed. Details such as UID, PID and argument listing are printed out.
This program is very useful to examine short lived processes that would not normally appear in a prstat or "ps -ef" listing. Sometimes
applications will run hundreds of short lived processes in their normal startup cycle, a behaviour that is easily monitored with execsnoop.
Since this uses DTrace, only users with root privileges can run this command.
OPTIONS -a print all data
-A dump all data, space delimited
-e safe output, parseable. This prevents the ARGS field containing "
"s, to assist postprocessing.
-j print project ID
-s print start time, us
-v print start time, string
-Z print zonename
-c command
command name to snoop
EXAMPLES
Default output, print processes as they are executed,
# execsnoop
Print human readable timestamps,
# execsnoop -v
Print zonename,
# execsnoop -Z
Snoop this command only,
# execsnoop -c ls
FIELDS
UID User ID
PID Process ID
PPID Parent Process ID
COMM command name for the process
ARGS argument listing for the process
ZONE zonename
PROJ project ID
TIME timestamp for the exec event, us
STRTIME
timestamp for the exec event, string
DOCUMENTATION
See the DTraceToolkit for further documentation under the Docs directory. The DTraceToolkit docs may include full worked examples with ver-
bose descriptions explaining the output.
EXIT
execsnoop will run forever until Ctrl-C is hit.
AUTHOR
Brendan Gregg [Sydney, Australia]
SEE ALSO dtrace(1M), truss(1)version 1.20 Jul 02, 2005 execsnoop(1m)
Can someone tell me the meaning of the column 'C' contained in the output of the ps -ef command?
UID PID PPID C STIME TTY TIME COMMAND
I was once told that if the value was higher then 0 and the process showed to be in a state of sleep when running a top then the command had... (6 Replies)
Hi I'm a newbie to Unix scripting and was having some problems with AWK. I have written this little script that should read a process list and then print out the PID's of the offending processes. Unfortunately it doesn't seem to work! The script is as follows:
ps -ef | awk '{if... (10 Replies)
Hi All,
In my project i have two process runs in the back end.
Once i start my project, and execute the command ps, i get below output:
PID TTY TIME CMD
9086 pts/1 0:00 ksh
9241 pts/1 0:02 java
9240 pts/1 0:00 shell_script_bg
java with 9241 PID is the main... (4 Replies)
hi
I m trying to display the processes of each user but its coming in one line like
george wilkins
PID TTY TIME CMD 7661 ? 00:00:01 sshd 7662 pts/6 00:00:00 bash
i want the output to be like
PID TTY TIME CMD
7661 ? 00:00:01 sshd
7662 pts/6 00:00:00 bash
my code is
proc=$(users)... (5 Replies)
Hi All,
Am copying mulitple files in a directory in names File0,File1,File2 etc.
I need to print separately the PID of these copies using File names.
for((i=0;i<5;i++))
do
mypid=`ps aux | awk '/File$i/ && !/awk/ { print $2 }'`
echo PID is $mypid
done
It printed nothing. Thinking... (6 Replies)
It seems obviose, but I surprised to be not able to get it!
In bash, expected to get a current process ID by '$$'
So, if I ran backgroung any stuff and try from there get that process ID I would expect to have the same number as I have reported on foregroung screen, when I have started that... (9 Replies)
I am trying to write a C program that prints its ancestor name and PID
For example:
Lets say my program name is prog1 then the output should be
prog1 with PID: 2345
bash with PID: 4567
....
init with PID: 1
This is just a scratch work.
#include <stdio.h>
#include <unistd.h>
#include... (5 Replies)
I am on SunOS and Linux
I need generic command to get complete process details from which i will eventually extract socket details (listen address and port)
ps -ef | ggrep -i server | ggrep -i mydomaindoes not yield a process that should have both the grep entries along with the listen... (8 Replies)
This question is asked in an interview today that I have to return output with each PID number and the count of each PID number logged today. Here is the script that I have written. Can you confirm if that would work or not. The interviewer didn't said if my answer is correct or not. Can someone... (5 Replies)
need help to print the below ..
Content of file looks like below ..
SCHEMA1. TABLE1
SCHEMA2. TABLE2
SCHEMA3. TABLE3
read lines from above file and print o/p as below
print output like read 1st line and print
SELECT SCHEMA1.TABLE1
print output like read 2st line and print ... (4 Replies)