Date: Wed, 7 Jun 2006 18:44:05 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: Eduardo Meyer <dudu.meyer@gmail.com> Cc: stable@freebsd.org Subject: Re: How can I know which files a proccess is accessing? Message-ID: <20060607184236.P53690@fledge.watson.org> In-Reply-To: <d3ea75b30606061339u55efbecemab0d3d0eb9adb636@mail.gmail.com> References: <d3ea75b30606061339u55efbecemab0d3d0eb9adb636@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 6 Jun 2006, Eduardo Meyer wrote: > I need to know which files under /var a proccess (httpd here) is acessing. > It is not logs because I have a different partition for logs. > > gstat tells me that slice ad0s1h (my /var) is 100% frequently, and in fact > with fstat I can see a number of httpd proccesses running accesing that. But > fstat only shows me inodes and the mount point. > > I need to know which files the proccesses are acessing. A lot of people have answered and told you about lsof, which is a great tool, and can give you a momentary snapshot of the files a process has open. You might also be interested in getting a log of accesses, which you can do using ktrace(1). This tracks system calls and you can see what paths are being accessed at time of open. As of 7.x (and hopefully 6.2 once the MFC happens) you'll also be able to use audit(4) to track access of files by processes. Robert N M Watson
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060607184236.P53690>