Dec 10

Solaris Snoop on File Access

If you find yourself trying to figure out where your operating system is spending time with reads and writes try this little dtrace gem. Script is here: http://dtracebook.com/index.php/File_System:rwsnoop

I ran it like below. Unknown is socket access and filtering out ssh and grep explains itself.

# ./rwsnoop.dtrace | egrep -v "sshd|grep|unknown"
  UID    PID CMD          D   BYTES FILE
    0    637 utmpd        R       4 /var/adm/wtmpx
  324   2884 java         W      77 /scratch/agtst1ML/MemoryMonitorLog.log
  324   2884 java         W      77 /scratch/agtst1ML/MemoryMonitorLog.log
  324   2884 java         W      77 /scratch/agtst1ML/MemoryMonitorLog.log
  324   2884 java         W      16 /devices/pseudo/poll@0:poll
  324   2884 java         W       8 /devices/pseudo/poll@0:poll
    1    593 nfsmapid     R      78 /etc/resolv.conf
    1    593 nfsmapid     R       0 /etc/resolv.conf
  324   2884 java         W      77 /scratch/agtst1ML/MemoryMonitorLog.log
    0      1 init         R    1006 /etc/inittab
    0      1 init         R       0 /etc/inittab
    0      1 init         W     412 /etc/svc/volatile/init-next.state
    0      1 init         W     412 /etc/svc/volatile/init-next.state
    0      1 init         R    1006 /etc/inittab
    0      1 init         R       0 /etc/inittab
    1    180 kcfd         R     976 /usr/lib/security/pkcs11_kernel.so.1

Comments Off on Solaris Snoop on File Access
comments

Reply