#!/usr/sbin/dtrace -s

#pragma D option quiet
#pragma D option defaultargs
#pragma D option switchrate=10hz

/*
dtrace:::BEGIN
{
	printf("%-12s %6s %6s %-12.12s %s\n", "TIME(ms)", "UID",
	    "PID", "PROCESS", "provider:module:function:name");
}
*/

/*
   printf("%-12d %6d %6d %-12.12s %s:%s:%s:%s\n", timestamp / 1000000,
   uid, pid, execname, probeprov, probemod, probefunc, probename);
   */

syscall::open:entry
/execname == "imap" && arg1 & O_CREAT/
{
    self->add = copyinstr(arg0)
}

syscall::unlink:entry
/execname == "imap"/
{
    self->remove = copyinstr(arg0);
}


syscall::rename:entry
/execname == "imap"/
{
	self->remove = copyinstr(arg0);
    self->add = copyinstr(arg1);
}

syscall::unlink:entry,
syscall::rename:entry
/execname == "imap"/
{
	printf("- %s\n", self->remove);
    self->remove = 0;
}

syscall::open:entry,
syscall::rename:entry
/execname == "imap" && self->add != 0/
{
    printf("+ %s\n", self->add);
    self->add = 0;
}