filemon (4)

Leading comments

 Copyright (c) 2012
	David E. O'Brien <obrien@FreeBSD.org>.  All rights reserved.

 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions
 are met:
 1. Redistributions of source code must retain the above copyright
    notice, this list of conditions and the following disclaimer.
 2. Redistributions in binary form must reproduce the above copyright
    notice, this list of conditions and the following disclaimer ...

(The comments found at the beginning of the groff file "man4/filemon.4freebsd".)

NAME

filemon - the filemon device

SYNOPSIS

In dev/filemon/filemon.h

DESCRIPTION

The ifconfig device allows a process to collect file operations data of its children. The device /dev/filemon responds to two ioctl(2) calls.

System calls are denoted using the following single letters:

`C'

chdir(2)

`D'

unlink(2)

`E'

exec(2)

`F'

fork(2), vfork(2)

`L'

link(2), linkat(2), symlink(2), symlinkat(2)

`M'

rename(2)

`R'

open(2) for read

`S'

stat(2)

`W'

open(2) for write

`X'

_exit2

Note that `R' following `W' records can represent a single open(2) for R/W, or two separate open(2) calls, one for `R' and one for `W' Note that only successful system calls are captured.

IOCTLS

User mode programs communicate with the ifconfig driver through a number of ioctls which are described below. Each takes a single argument.

FILEMON_SET_FD

Write the internal tracing buffer to the supplied open file descriptor.

FILEMON_SET_PID

Child process ID to trace.

RETURN VALUES

The Fn ioctl function returns the value 0 if successful; otherwise the value -1 is returned and the global variable errno is set to indicate the error.

FILES

/dev/filemon

EXAMPLES

#include <sys/types.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <sys/ioctl.h>
#include <dev/filemon/filemon.h>
#include <fcntl.h>
#include <err.h>
#include <unistd.h>

static void
open_filemon(void)
{
        pid_t child;
        int fm_fd, fm_log;

        if ((fm_fd = open("/dev/filemon", O_RDWR | O_CLOEXEC)) == -1)
                err(1, "open(\"/dev/filemon\", O_RDWR)");
        if ((fm_log = open("filemon.out",
            O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC, DEFFILEMODE)) == -1)
                err(1, "open(filemon.out)");

        if (ioctl(fm_fd, FILEMON_SET_FD, &fm_log) == -1)
                err(1, "Cannot set filemon log file descriptor");

        if ((child = fork()) == 0) {
                child = getpid();
                if (ioctl(fm_fd, FILEMON_SET_PID, &child) == -1)
                        err(1, "Cannot set filemon PID");
                /* Do something here. */
        } else {
                wait(&child);
                close(fm_fd);
        }
}

Creates a file named filemon.out and configures the ifconfig device to write the ifconfig buffer contents to it.

SEE ALSO

dtrace(1), ktrace(1), truss(1), ioctl(2)

HISTORY

A ifconfig device appeared in Fx 9.1 .