2.4.1 Example: Using daterun.d

The following example shows an executable DTrace script, daterun.d, which displays the file descriptor, output string, and string length specified to the write() system call whenever the date command is run on the system.

#!/usr/sbin/dtrace -qs

/* daterun.d -- Display arguments to write() when date runs */

syscall::write:entry
/execname == "date"/
{
  printf("%s(%d, %s, %d)\n", probefunc, arg0, copyinstr(arg1), arg2);
} 

In the example, the predicate is /execname == "date"/, which specifies that if the probe syscall::write:entry is triggered, DTrace runs the associated action only if the name of the executable is date.

Make the script executable by changing its mode:

# chmod +x daterun.d

If you run the script from one window, while typing the date command in another window, output similar to the following is displayed in the first window:

# ./daterun.d
write(1, Thu Oct 31 11:14:43 GMT 2013
, 29)