Lines Matching full:opensnoop
1 Demonstrations of opensnoop, the Linux eBPF/bcc version.
4 opensnoop traces the open() syscall system-wide, and prints various details.
7 # ./opensnoop
46 opensnoop can be useful for discovering configuration and log files, if used
53 ./opensnoop -Tp 1956
70 # ./opensnoop -U
80 # ./opensnoop -Uu 1000
91 # ./opensnoop -x
116 # ./opensnoop -d 2
127 # ./opensnoop -n ed
159 # ./opensnoop -e
174 # ./opensnoop -e -f O_WRONLY -f O_RDWR
188 # ./opensnoop --cgroupmap /sys/fs/bpf/test01
195 # ./opensnoop -h
196 usage: opensnoop.py [-h] [-T] [-U] [-x] [-p PID] [-t TID]
227 ./opensnoop # trace all open() syscalls
228 ./opensnoop -T # include timestamps
229 ./opensnoop -U # include UID
230 ./opensnoop -x # only show failed opens
231 ./opensnoop -p 181 # only trace PID 181
232 ./opensnoop -t 123 # only trace TID 123
233 ./opensnoop -u 1000 # only trace UID 1000
234 ./opensnoop -d 10 # trace for 10 seconds only
235 ./opensnoop -n main # only print process names containing "main"
236 ./opensnoop -e # show extended fields
237 ./opensnoop -f O_WRONLY -f O_RDWR # only print calls for writing
238 ./opensnoop -F # show full path for an open file with relative path
239 ./opensnoop --cgroupmap mappath # only trace cgroups in this BPF map
240 ./opensnoop --mntnsmap mappath # only trace mount namespaces in the map