Query: rwsnoop
OS: osx
Section: 1m
Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar
rwsnoop(1m) USER COMMANDS rwsnoop(1m)NAMErwsnoop - snoop read/write events. Uses DTrace.SYNOPSISrwsnoop [-jPtvZ] [-n name] [-p PID]DESCRIPTIONThis is measuring reads and writes at the application level. This matches the syscalls read, write, pread and pwrite. Since this uses DTrace, only users with root privileges can run this command.OPTIONS-j print project ID -P print parent process ID -t print timestamp, us -v print time, string -Z print zone ID -n name process name to track -p PID PID to trackEXAMPLESDefault output, # rwsnoop Print zone ID, # rwsnoop -.Monitor processes named "bash", # rwsnoop -n bashFIELDSTIME timestamp, us TIMESTR time, string ZONE zone ID PROJ project ID UID user ID PID process ID PPID parent process ID CMD command name for the process D direction, Read or Write BYTES total bytes during sample FILE filename, if file based. Reads and writes that are not file based, for example with sockets, will print "<unknown>" as the file- name.DOCUMENTATIONSee the DTraceToolkit for further documentation under the Docs directory. The DTraceToolkit docs may include full worked examples with ver- bose descriptions explaining the output.EXITrwsnoop will run forever until Ctrl-C is hit.AUTHORBrendan Gregg [Sydney, Australia]SEE ALSOrwtop(1M), dtrace(1M) version 0.70 Jul 24, 2005 rwsnoop(1m)