dnlcsnoop_example.txt   [plain text]

The following is a demonstration of the dnlcsnoop.d script.


Here we run dnlcsnoop.d, while in another window a "find /etc/default"
command is executed,

   # dnlcsnoop.d
      PID CMD         TIME HIT PATH
     9185 bash           9   Y /etc
     9185 bash           3   Y /etc
    12293 bash           9   Y /usr
    12293 bash           3   Y /usr/bin
    12293 bash           4   Y /usr/bin/find
    12293 bash           7   Y /lib
    12293 bash           3   Y /lib/ld.so.1
    12293 find           6   Y /usr
    12293 find           3   Y /usr/bin
    12293 find           3   Y /usr/bin/find
    12293 find           3   Y /usr
    12293 find           3   Y /usr/lib
    12293 find           3   Y /usr/lib/ld.so.1
    12293 find           3   Y /usr/lib/..
    12293 find           3   Y /usr/..
    12293 find           3   Y /lib
    12293 find           3   Y /lib/ld.so.1
    12293 find           3   Y /usr
    12293 find           3   Y /usr/bin
    12293 find           2   Y /usr/bin/find
    12293 find           4   Y /var
    12293 find           3   Y /var/ld
    12293 find           3   Y /var/ld/ld.config
    12293 find           3   Y /lib
    12293 find           3   Y /lib/libc.so.1
    12293 find           3   Y /lib
    12293 find           3   Y /lib/libc.so.1
    12293 find           3   Y /lib
    12293 find           3   Y /lib/libc.so.1
    12293 find           8   Y /export
    12293 find           4   Y /export/home
    12293 find           3   Y /export/home/root
    12293 find           4   Y /export/home/root/CacheKit-0.93
    12293 find           3   Y /export
    12293 find           3   Y /export/home
    12293 find           3   Y /export/home/root
    12293 find           3   Y /export/home/root/CacheKit-0.93
    12293 find           3   Y /etc
    12293 find           3   Y /etc/default
    12293 find           3   Y /etc
    12293 find           3   Y /etc/default
    12293 find           5   N /etc/default/cron
    12293 find           3   N /etc/default/devfsadm
    12293 find           4   N /etc/default/fs
    12293 find           4   N /etc/default/kbd
    12293 find           3   N /etc/default/keyserv
    12293 find           4   N /etc/default/nss
    12293 find           3   N /etc/default/syslogd
    12293 find           3   N /etc/default/tar
    12293 find           4   N /etc/default/utmpd
    12293 find           5   N /etc/default/init
    12293 find           4   Y /etc/default/login
    12293 find           4   Y /etc/default/su
    12293 find           3   N /etc/default/passwd
    12293 find           3   N /etc/default/dhcpagent
    12293 find           4   N /etc/default/inetinit
    12293 find           3   N /etc/default/ipsec
    12293 find           3   N /etc/default/mpathd
    12293 find           3   N /etc/default/telnetd
    12293 find           3   Y /etc/default/nfs
    12293 find           3   N /etc/default/autofs
    12293 find           9   Y /etc/default/ftp
    12293 find           5   N /etc/default/rpc.nisd
    12293 find           5   N /etc/default/nfslogd
    12293 find           4   N /etc/default/lu
    12293 find           6   N /etc/default/power
    12293 find           5   N /etc/default/sys-suspend
    12293 find           6   N /etc/default/metassist.xml
    12293 find           5   N /etc/default/yppasswdd
    12293 find           4   N /etc/default/webconsole
    12293 find           5   Y /export
    12293 find           4   Y /export/home
    12293 find           4   Y /export/home/root
    12293 find           4   Y /export/home/root/CacheKit-0.93

The DNLC is the Directory Name Lookup Cache. Here we can see name lookups,
and whether the cache returned a hit. "/export/home/root/CacheKit-0.93" was
looked up a few times - this was the current directory that the find
command was executed from.