Watching a file system
Matthew Dillon
dillon at apollo.backplane.com
Tue Jun 26 13:50:31 PDT 2007
:Matthew Dillon <dillon at apollo.backplane.com> writes:
:> You can monitor system calls made by programs with ktrace.
:
:Ok, but what if I want to watch access to a particular file system
:(e.g. a mounted cdrom) by *all* system processes? :)
:------
:Dave Hayes - Consultant - Altadena CA, USA - dave at jetcafe.org
:>>> The opinions expressed above are entirely my own <<<
ktrace can be told to attach to a process and all its descendants.
Attach to pid 1 with that option and BANG, every single process in
the system will be ktraced.

You'll get a massive amount of data and performance will be terrible,
though.

Another option... export the CD via NFS and access it via NFS, and
use tcpdump to monitor access. You won't get the cache hits, but you
will get a good idea as to what is being accessed. It won't be pretty
though.

If you just want a summary of what files were accessed you can use
ncptrace from /usr/src/test/debug/ncptrace.c. Read the header on
how to compile it. You would then be able to 'ncptrace /mnt' (or
wherever you mounted the CD) to dump the namecache for that mount
point. You can clear the cache by unmounting and remounting the CD.
-Matt
Matthew Dillon
<dillon at backplane.com>
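
The system-wide ktrace approach in the message above produces far more data than the one mount point needs, so the added example below (not part of the original post) reduces kdump text output to a per-command count of path lookups under a given mount point. It assumes kdump's usual `<pid> <command> NAMI "<path>"` line layout; the function names and the sample trace are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise path lookups under one mount point from kdump text.
# Assumed kdump line layout: <pid> <command> NAMI "<path>"

# Constructed sample trace (not captured from a real system).
sample_kdump() {
    cat <<'EOF'
   612 cat      CALL  open(0x7fffffffe8a1,0,0)
   612 cat      NAMI  "/mnt/cdrom/README"
   612 cat      RET   open 3
   640 sh       NAMI  "/bin/ls"
   641 ls       NAMI  "/mnt/cdrom"
   641 ls       NAMI  "/mnt/cdrom/docs/My Notes.txt"
   650 cat      NAMI  "/mnt/cdrom/README"
   655 cp       NAMI  "/mnt/cdrom2/other"
EOF
}

# Usage: kdump -f ktrace.out | summarize_mount_access /mnt/cdrom
# Prints "<count> <command> <path>", most frequent first.
summarize_mount_access() {
    awk -v mnt="$1" '
        BEGIN { sub(/\/+$/, "", mnt) }          # tolerate a trailing slash
        $3 == "NAMI" {
            start = index($0, "\"")
            if (start == 0) next
            path = substr($0, start + 1)         # keeps spaces inside the path
            sub(/"[ \t]*$/, "", path)            # drop the closing quote
            # Match the mount point itself or anything below it, so that
            # /mnt/cdrom2 is not counted as /mnt/cdrom. Relative paths appear
            # in the trace as the program passed them and are not matched here.
            if (path == mnt || index(path, mnt "/") == 1)
                seen[$2 " " path]++
        }
        END { for (k in seen) print seen[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

sample_kdump | summarize_mount_access /mnt/cdrom
```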