Date: Mon, 5 Aug 2002 12:27:46 -0700 From: Rich Morin <rdm@cfcl.com> To: freebsd-hackers@FreeBSD.ORG Subject: tracing process and file events Message-ID: <p05111b55b97481c52abc@[192.168.254.205]>
next in thread | raw e-mail | index | archive | help
I want to set up a FreeBSD system to log some fairly coarse information on processes and files, as: * process start and stop times, pid, ppid, ... * file opens, closes, unlinks, ... Looking at ktrace, it seems like I could _almost_ hang it on pid 1 and stand back. Unfortunately, the disk would fill up pretty fast and I might also get into some issues with ktrace tracing itself. If I could convince ktrace to stop and move to a new output file every so often (eg, once a minute), I could set up a background task to go over the output files, boil them down for the desired information, etc. It appears, however, that most of ktrace's heavy lifting is done in the kernel. I'd rather not venture in there, for fear of breaking things. Can anyone suggest an appropriate way to get this sort of information? -r -- email: rdm@cfcl.com; phone: +1 650-873-7841 http://www.cfcl.com/rdm - my home page, resume, etc. http://www.cfcl.com/Meta - The FreeBSD Browser, Meta Project, etc. http://www.ptf.com/dossier - Prime Time Freeware's DOSSIER series http://www.ptf.com/tdc - Prime Time Freeware's Darwin Collection To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p05111b55b97481c52abc>