FILEMON(4) NetBSD Kernel Interfaces Manual FILEMON(4)
NAME
filemon -- track interesting system calls
SYNOPSIS
#include <filemon.h>
DESCRIPTION
filemon provides a means for tracking the successful system calls per- formed by a process. It is used by make(1) to track the activities of build scripts, for the purpose of automatically learning dependencies. The data captured by filemon for the script n=`wc -l /etc/motd`; echo "int motd_lines = $n;" > foo.h.new cmp -s foo.h foo.h.new 2> /dev/null || mv foo.h.new foo.h looks like: # filemon version 4 # Target pid 24291 V 4 E 29676 /bin/sh R 29676 /etc/ld.so.conf R 29676 /lib/libedit.so.2 R 29676 /lib/libtermcap.so.0 R 29676 /lib/libc.so.12 F 29676 4899 E 4899 /usr/bin/wc R 4899 /etc/ld.so.conf R 4899 /usr/lib/libc.so.12 R 4899 /etc/motd X 4899 0 W 29676 foo.h.new X 29676 0 # Bye bye E 3250 /bin/sh R 3250 /etc/ld.so.conf R 3250 /lib/libedit.so.2 R 3250 /lib/libtermcap.so.0 R 3250 /lib/libc.so.12 W 26673 /dev/null E 26673 /usr/bin/cmp R 26673 /etc/ld.so.conf R 26673 /usr/lib/libc.so.12 X 26673 2 E 576 /bin/mv R 576 /etc/ld.so.conf R 576 /lib/libc.so.12 M 576 'foo.h.new' 'foo.h' X 576 0 X 3250 0 # Bye bye Most records follow the format: type pid data where type is one of the list below, and unless otherwise specified, data is a pathname. C chdir(2). D unlink(2). E exec(3). F fork(2), vfork(2); data is the process id of the child. L link(2), symlink(2); data is two pathnames. M rename(2); data is two pathnames. R open(2) for read or read-write. W open(2) for writing or read-write. X exit(3); data is the exit status. V indicates the version of filemon.
FILES
/dev/filemon
EXAMPLES
The following example demonstrates the basic usage of filemon: #include <filemon.h> pid_d pid; int fd, tfd; int status; filemon_fd = open("/dev/filemon", O_RDWR); temp_fd = mkstemp("/tmp/filemon.XXXXXXX"); /* give filemon the temp file to use */ ioctl(filemon_fd, FILEMON_SET_FD, &temp_fd); /* children do not need these once they exec */ fcntl(filemon_fd, F_SETFD, 1); fcntl(temp_fd, F_SETFD, 1); pid = fork(); switch(pid) { case -1: err(1, "cannot fork"); break; case 0: pid = getpid(); /* tell filemon to monitor this process */ ioctl(filemon_fd, FILEMON_SET_PID, &pid); execvp(...); _exit(1); break; default: status = wait(); close(filemon_fd); lseek(temp_fd, SEEK_SET, 0); /* read the captured syscalls from temp_fd */ close(temp_fd); break; } The output of filemon is intended to be simple to parse. It is possible to achieve almost equivalent results with dtrace(1) though on many sys- tems this requires elevated privileges. Also, ktrace(1) can capture sim- ilar data, but records failed system calls as well as successful, and is thus more complex to post-process.
HISTORY
filemon was contributed by Juniper Networks. NetBSD 6.0.2 September 29, 2011 NetBSD 6.0.2
Powered by man-cgi (2024-08-26). Maintained for NetBSD by Kimmo Suominen. Based on man-cgi by Panagiotis Christias.