#!/usr/sbin/dtrace -s
#pragma D option quiet
#pragma D option defaultargs
#pragma D option switchrate=10hz
/*
dtrace:::BEGIN
{
printf("%-12s %6s %6s %-12.12s %s\n", "TIME(ms)", "UID",
"PID", "PROCESS", "provider:module:function:name");
}
*/
/*
printf("%-12d %6d %6d %-12.12s %s:%s:%s:%s\n", timestamp / 1000000,
uid, pid, execname, probeprov, probemod, probefunc, probename);
*/
/*
 * open(2) entry from a process named "imap" with O_CREAT set in the flags
 * argument (arg1): remember the path argument (arg0) in the thread-local
 * self->add so that a later clause on this probe can report it.
 *
 * NOTE(review): this fires on entry, so it records the attempt, not the
 * outcome -- an open that fails, or one where the file already existed,
 * is still remembered as an addition. Confirm that is acceptable for how
 * the output is consumed.
 * NOTE(review): only open is traced here; whether the target system
 * routes file creation through other system calls is not visible from
 * this script -- verify coverage on the host.
 */
syscall::open:entry
/execname == "imap" && (arg1 & O_CREAT)/
{
    self->add = copyinstr(arg0);
}
/*
 * unlink(2) entry from a process named "imap": copy the path argument
 * (arg0) into the thread-local self->remove.
 *
 * NOTE(review): execname is only the process name, so any executable
 * called "imap" matches and the same server running under another name
 * does not. If this output feeds an audit trail, consider whether a
 * stricter selector is needed.
 */
syscall::unlink:entry
/execname == "imap"/
{
    self->remove = copyinstr(arg0);
}
/*
 * rename(2) entry from a process named "imap": the first path argument
 * (arg0) is recorded as a removal and the second (arg1) as an addition.
 * Both are stashed in thread-local variables; the clauses that follow in
 * this file print and clear them.
 *
 * NOTE(review): the assignment order is kept as written. If copyinstr()
 * on arg0 faults, the rest of the clause is presumably abandoned and
 * self->add is left untouched -- confirm before reordering.
 */
syscall::rename:entry
/execname == "imap"/
{
    self->remove = copyinstr(arg0);
    self->add = copyinstr(arg1);
}
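/*
 * Report the path recorded by the unlink/rename clauses earlier in this
 * file as a removal ("- <path>"), then clear the thread-local so its
 * storage is released.
 *
 * The self->remove != 0 test mirrors the guard this file already uses
 * for self->add: if the earlier copyinstr() did not complete (for
 * example because the user page was not resident at entry), nothing was
 * recorded and no empty "- " line should be printed.
 *
 * NOTE(review): the path is printed verbatim. It comes from the traced
 * process, so a name containing a newline would span several output
 * lines; anything that parses this output line by line should not treat
 * a leading "+" or "-" as trustworthy on its own.
 * NOTE(review): this runs at syscall entry, so the line is printed
 * whether or not the unlink/rename goes on to succeed.
 */
syscall::unlink:entry,
syscall::rename:entry
/execname == "imap" && self->remove != 0/
{
    printf("- %s\n", self->remove);
    self->remove = 0;
}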
/*
 * Report the path recorded for an open with O_CREAT or for a rename
 * destination as an addition ("+ <path>"), then clear the thread-local.
 * The self->add != 0 test skips opens for which nothing was recorded.
 *
 * NOTE(review): the path is printed exactly as the traced process
 * supplied it; consumers of this output should allow for unusual
 * characters in file names.
 */
syscall::open:entry,
syscall::rename:entry
/execname == "imap" && self->add != 0/
{
    printf("+ %s\n", self->add);
    self->add = 0;
}