rwsnoop(1m) USER COMMANDS rwsnoop(1m)NAMErwsnoop - snoop read/write events. Uses DTrace.
SYNOPSISrwsnoop [-jPtvZ] [-n name] [-p PID]
DESCRIPTION
This is measuring reads and writes at the application level. This
matches the syscalls read, write, pread and pwrite.
Since this uses DTrace, only users with root privileges can run this
command.
OPTIONS-j print project ID
-P print parent process ID
-t print timestamp, us
-v print time, string
-Z print zone ID
-n name
process name to track
-p PID PID to track
EXAMPLES
Default output,
# rwsnoop
Print zone ID,
# rwsnoop-.Monitor processes named "bash", # rwsnoop-n bash
FIELDS
TIME timestamp, us
TIMESTR
time, string
ZONE zone ID
PROJ project ID
UID user ID
PID process ID
PPID parent process ID
CMD command name for the process
D direction, Read or Write
BYTES total bytes during sample
FILE filename, if file based. Reads and writes that are not file
based, for example with sockets, will print "<unknown>" as the
filename.
DOCUMENTATION
See the DTraceToolkit for further documentation under the Docs direc‐
tory. The DTraceToolkit docs may include full worked examples with ver‐
bose descriptions explaining the output.
EXITrwsnoop will run forever until Ctrl-C is hit.
AUTHOR
Brendan Gregg [Sydney, Australia]
SEE ALSOrwtop(1M), dtrace(1M)version 0.70 Jul 24, 2005 rwsnoop(1m)