Using the proc exec
Probe
You can use the exec
probe to determine which programs are being executed, and by whom, as shown in the following example:
#pragma D option quiet proc:::exec { self->parent = execname; } proc:::exec-success /self->parent != NULL/ { @[self->parent, execname] = count(); self->parent = NULL; } proc:::exec-failure /self->parent != NULL/ { self->parent = NULL; } END { printf("%-20s %-20s %s\n", "WHO", "WHAT", "COUNT"); printa("%-20s %-20s %@d\n", @); }
Running the example script for a short period of time on a build physical machine results in output similar to the following example:
# dtrace -s ./whoexec.d
^C
WHO WHAT COUNT
make.bin yacc 1
tcsh make 1
make.bin spec2map 1
sh grep 1
lint lint2 1
sh lint 1
sh ln 1
cc ld 1
make.bin cc 1
lint lint1 1
sh lex 1
make.bin mv 2
sh sh 3
sh make 3
sh sed 4
sh tr 4
make make.bin 4
sh install.bin 5
sh rm 6
cc ir2hf 33
cc ube 33
sh date 34
sh mcs 34
cc acomp 34
sh cc 34
sh basename 34
basename expr 34
make.bin sh 87