Hi markj, list, I wrote a script for $work to help me find out "who on Earth keeps deleting files XYZ?" from a particular storage server.
Please find attached a copy of watch_vop_remove.d which
has the following sample output:
2014 Dec 3 11:58:52 rm[75596]: /tmp/foo
-+= 72846 0.0 -bash
\-+= 75589 0.0 /bin/bash /usr/home/support/bash_script
\-+= 75596 0.0 rm -f /tmp/foo
The above sample output was displayed when executing the following shell
script:
#!/bin/bash
touch /tmp/foo
rm -f /tmp/foo
The output format displayed for each vop_remove() call is as follows:
DATE process[PID]: PATH_TO_DELETE
-+= GPID UID.GID grandparent_process [arguments (up to 3)]
\-+= PPID UID.GID parent_process [arguments (up to 3)]
\-+= PID UID.GID process [arguments (up to 3)]
NB: Requires "kldload dtraceall" to be performed prior to execution
--
Cheers,
Devin
watch_vop_remove.d
Description: Binary data
_______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-dtrace To unsubscribe, send any mail to "[email protected]"
