I first thought about this as a lsof substitute, but no, it's more like a primitive / simple FileMon/fs_usage. It shows the executable and the file it opened. Could be improved, of course.
Dtrace is amazing.
Dtrace is amazing.
sudo dtrace -qn 'syscall::open*:entry{ printf("%s %s\n",execname,copyinstr(arg0)); }'fs_usage shows much more information... but is not a one-liner ;P
Comments
Post a Comment