Solaris snoop on file access
wordpress meta
title: 'Solaris Snoop on File Access'
date: '2015-12-10T13:31:43-06:00'
status: publish
permalink: /solaris-snoop-on-file-access
author: admin
excerpt: ''
type: post
id: 922
category:
- Solaris
tag: []
post_format: []
title: 'Solaris Snoop on File Access'
date: '2015-12-10T13:31:43-06:00'
status: publish
permalink: /solaris-snoop-on-file-access
author: admin
excerpt: ''
type: post
id: 922
category:
- Solaris
tag: []
post_format: []
If you find yourself trying to figure out where your operating system is spending time with reads and writes try this little dtrace gem. Script is here: http://dtracebook.com/index.php/File_System:rwsnoop
I ran it like below. Unknown is socket access and filtering out ssh and grep explains itself.
# ./rwsnoop.dtrace | egrep -v "sshd|grep|unknown"
UID PID CMD D BYTES FILE
0 637 utmpd R 4 /var/adm/wtmpx
324 2884 java W 77 /scratch/agtst1ML/MemoryMonitorLog.log
324 2884 java W 77 /scratch/agtst1ML/MemoryMonitorLog.log
324 2884 java W 77 /scratch/agtst1ML/MemoryMonitorLog.log
324 2884 java W 16 /devices/pseudo/poll@0:poll
324 2884 java W 8 /devices/pseudo/poll@0:poll
1 593 nfsmapid R 78 /etc/resolv.conf
1 593 nfsmapid R 0 /etc/resolv.conf
324 2884 java W 77 /scratch/agtst1ML/MemoryMonitorLog.log
0 1 init R 1006 /etc/inittab
0 1 init R 0 /etc/inittab
0 1 init W 412 /etc/svc/volatile/init-next.state
0 1 init W 412 /etc/svc/volatile/init-next.state
0 1 init R 1006 /etc/inittab
0 1 init R 0 /etc/inittab
1 180 kcfd R 976 /usr/lib/security/pkcs11_kernel.so.1