> We wanted to develop a dtrace script that would capture the raw data
> that would be used to modify the internal database just before it was
> actually used to update the database. I have written this script, and
> it does dump out the record. However, it turns out that the database
> can be modified by three different methods, and each of these can be run
> many times under different pid numbers of course. The three methods are
> kadmin, kadmin.local and kpasswd.
>
> So, while my dtrace script did dump out exactly what we wanted, there
> was no way to get it to track and dump out records for multiple
> different pids that could be started up at any time.
One common technique is to write a D script which watches for new processes
to be spawned, and then invokes another D script on that new process. In
other words, something like this:
proc:::start
/execname == "bash"/
{
stop();
system("dtrace -s foo.d -p %d", pid);
}
foo.d:
BEGIN
{
system("prun %d", $target);
}
...
Might that work for this problem?
Adam
--
Adam Leventhal, FishWorks http://blogs.sun.com/ahl
_______________________________________________
dtrace-discuss mailing list
[email protected]
