filemon(4) - NetBSD Manual Pages

FILEMON(4)              NetBSD Kernel Interfaces Manual             FILEMON(4)

filemon -- track interesting system calls
#include <filemon.h>
filemon provides a means for tracking the successful system calls performed by a process. It is used by make(1) to track the activities of build scripts, for the purpose of automatically learning dependencies.

The data captured by filemon for the script

     n=`wc -l /etc/motd`; echo "int motd_lines = $n;" > cmp -s foo.h 2> /dev/null || mv foo.h

looks like:

     # filemon version 4
     # Target pid 24291
     V 4
     E 29676 /bin/sh
     R 29676 /etc/
     R 29676 /lib/
     R 29676 /lib/
     R 29676 /lib/
     F 29676 4899
     E 4899 /usr/bin/wc
     R 4899 /etc/
     R 4899 /usr/lib/
     R 4899 /etc/motd
     X 4899 0
     W 29676
     X 29676 0
     # Bye bye
     E 3250 /bin/sh
     R 3250 /etc/
     R 3250 /lib/
     R 3250 /lib/
     R 3250 /lib/
     W 26673 /dev/null
     E 26673 /usr/bin/cmp
     R 26673 /etc/
     R 26673 /usr/lib/
     X 26673 2
     E 576 /bin/mv
     R 576 /etc/
     R 576 /lib/
     M 576 '' 'foo.h'
     X 576 0
     X 3250 0
     # Bye bye

Most records follow the format:

     type pid data

where type is one of the list below, and unless otherwise specified, data is a pathname.

     C   chdir(2).
     D   unlink(2).
     E   exec(3).
     F   fork(2), vfork(2); data is the process id of the child.
     L   link(2), symlink(2); data is two pathnames.
     M   rename(2); data is two pathnames.
     R   open(2) for read or read-write.
     W   open(2) for writing or read-write.
     X   exit(3); data is the exit status.
     V   indicates the version of filemon.
The following example demonstrates the basic usage of filemon:

     #include <sys/types.h>
     #include <sys/ioctl.h>
     #include <sys/wait.h>
     #include <err.h>
     #include <fcntl.h>
     #include <stdlib.h>
     #include <unistd.h>
     #include <filemon.h>

     pid_t pid;
     int filemon_fd, temp_fd;
     int status;
     /* mkstemp() rewrites its template, so it must be a writable array */
     char template[] = "/tmp/filemon.XXXXXXX";

     filemon_fd = open("/dev/filemon", O_RDWR);
     if (filemon_fd == -1)
         err(1, "cannot open /dev/filemon");
     temp_fd = mkstemp(template);
     if (temp_fd == -1)
         err(1, "cannot create temp file");
     /* give filemon the temp file to use */
     ioctl(filemon_fd, FILEMON_SET_FD, &temp_fd);
     /* children do not need these once they exec */
     fcntl(filemon_fd, F_SETFD, FD_CLOEXEC);
     fcntl(temp_fd, F_SETFD, FD_CLOEXEC);
     pid = fork();
     switch (pid) {
     case -1:
         err(1, "cannot fork");
         break;
     case 0:
         pid = getpid();
         /* tell filemon to monitor this process */
         ioctl(filemon_fd, FILEMON_SET_PID, &pid);
         execvp(...);
         _exit(1);
         break;
     default:
         /* wait for the monitored child to finish */
         wait(&status);
         close(filemon_fd);
         /* rewind to the start of the captured data */
         lseek(temp_fd, 0, SEEK_SET);
         /* read the captured syscalls from temp_fd */
         close(temp_fd);
         break;
     }

The output of filemon is intended to be simple to parse. It is possible to achieve almost equivalent results with dtrace(1), though on many systems this requires elevated privileges. Also, ktrace(1) can capture similar data, but it records failed system calls as well as successful ones, and is thus more complex to post-process.
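A parser for the record format described above, as an added example (not part of the original manual page or the NetBSD sources). The names fm_rec, fm_parse and FM_LINE are this example's own, and the single-quoted form of the two pathnames in L and M records is assumed from the M record in the sample output.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { FM_LINE = 2304 };    /* example limit; longer lines are truncated */

/* One filemon record, "type pid data". */
struct fm_rec {
    char type;              /* one of C D E F L M R W X V */
    long pid;               /* -1 for V, which carries only the version */
    char a[FM_LINE];        /* pathname, child pid, exit status or version */
    char b[FM_LINE];        /* second pathname of L and M, otherwise empty */
};

/* Returns 1 for a record, 0 for a comment or blank line, -1 if malformed. */
int fm_parse(const char *line, struct fm_rec *r)
{
    char buf[FM_LINE], *p, *end, *sep;
    size_t n;

    memset(r, 0, sizeof(*r));
    snprintf(buf, sizeof(buf), "%s", line);
    buf[strcspn(buf, "\r\n")] = '\0';
    if (buf[0] == '\0' || buf[0] == '#')
        return 0;
    if (strchr("CDEFLMRWXV", buf[0]) == NULL || buf[1] != ' ')
        return -1;          /* unknown type: reject, never guess */
    r->type = buf[0];
    r->pid = -1;
    p = buf + 2;
    if (r->type != 'V') {   /* "V 4" has no pid field */
        r->pid = strtol(p, &end, 10);
        if (end == p || r->pid <= 0 || (*end != ' ' && *end != '\0'))
            return -1;
        p = (*end == ' ') ? end + 1 : end;
    }
    if (r->type != 'L' && r->type != 'M') {
        snprintf(r->a, sizeof(r->a), "%s", p);  /* rest of line, spaces kept */
        return 1;
    }
    /* L and M: two quoted pathnames, split at the first "' '" sequence */
    n = strlen(p);
    sep = strstr(p, "' '");
    if (n < 5 || p[0] != '\'' || p[n - 1] != '\'' || sep == NULL
        || sep == p || sep + 2 >= p + n - 1)
        return -1;
    p[n - 1] = '\0';
    *sep = '\0';
    snprintf(r->a, sizeof(r->a), "%s", p + 1);
    snprintf(r->b, sizeof(r->b), "%s", sep + 3);
    return 1;
}
```

A pathname that itself contains the sequence `' '` cannot be split unambiguously in an L or M record, so a consumer that relies on the trace should treat such records with care.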
filemon was contributed by Juniper Networks.

NetBSD 7.1.2                     April 5, 2012                    NetBSD 7.1.2