2 Replies. Latest reply: Mar 3, 2011 5:53 AM by 840716

    Filenames in ufs_write and zfs_write probes?

      I'm trying to find a way to get dtrace to capture filenames of files that are being written to in ufs or zfs filesystems. I don't want, for example, writes to device files.
      I got the following from a post on the OpenSolaris forum (http://opensolaris.org/jive/thread.jspa?messageID=472665)

      self->filename = fds[arg0].fi_pathname;
      printf ("Filename: %s\n", self->filename);

      With this, however, I get all the /devices/pseudo/pts* with every shell command that gets executed. I've tried processing the self->filename variable with subsequent probes in order to narrow it down to what I'm looking for, but I keep running into various problems.

      What would be really helpful is if there were a way to grab filenames within the ufs_write and zfs_write probes instead of having to use the syscall::write probe. Does anybody know if there is a mechanism in the file system probes that is similar to the above example?
        • 1. Re: Filenames in ufs_write and zfs_write probes?
          I think you want the fsinfo provider.

          #pragma D option quiet

          fsinfo:::    /* every fsinfo probe; probename tells read, write, etc. apart */
          {
              printf("%s (%s) %s: %d [%s]\n", probename, execname, args[0]->fi_pathname, args[1], args[0]->fi_fs);
          }
          • 2. Re: Filenames in ufs_write and zfs_write probes?
            Thank you very much!!
            The fsinfo provider is not documented on the DTrace documentation wiki. Or, if it is, it's not on the front page with all the other providers. (http://wikis.sun.com/display/DTrace/Documentation) Not sure I would ever have stumbled across that on my own.

            Playing around a bit I also found that:
            args[0]->fi_dirname gives you the directory the write took place in
            args[0]->fi_mount gives you the filesystem mountpoint the write took place in
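
Added example, not part of the thread and not either poster's code: a D script that narrows the fsinfo output to what the original question asked for, namely writes on ufs or zfs only, summarized per file. It uses only the fileinfo_t members named in the thread; it assumes the fi_fs strings are "ufs" and "zfs" and that args[1] is the byte count returned by the write.

```d
#!/usr/sbin/dtrace -s
#pragma D option quiet

/*
 * Fire only for write operations whose file lives on ufs or zfs.
 * Device nodes (for example the pts entries under /devices) report a
 * different fi_fs value and are dropped by the predicate.
 */
fsinfo:::write
/args[0]->fi_fs == "ufs" || args[0]->fi_fs == "zfs"/
{
    /* Count write calls per process, mountpoint and path. */
    @calls[execname, args[0]->fi_mount, args[0]->fi_pathname] = count();
}

/* Same filter, but only successful writes, so sum() is not skewed by errors. */
fsinfo:::write
/(args[0]->fi_fs == "ufs" || args[0]->fi_fs == "zfs") && args[1] > 0/
{
    /* args[1] is assumed to be the number of bytes written. */
    @bytes[execname, args[0]->fi_mount, args[0]->fi_pathname] = sum(args[1]);
}

/* Print both summaries when the script is stopped with Ctrl-C. */
dtrace:::END
{
    printf("%-16s %-20s %-40s %s\n", "EXEC", "MOUNT", "PATH", "WRITES");
    printa("%-16s %-20s %-40s %@d\n", @calls);

    printf("\n%-16s %-20s %-40s %s\n", "EXEC", "MOUNT", "PATH", "BYTES");
    printa("%-16s %-20s %-40s %@d\n", @bytes);
}
```

Adding a further condition such as args[0]->fi_mount == "/export/home" (a made-up mountpoint) to the predicates limits the audit to a single file system.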