rwsnoop 1m "$Date: 2015/09/30 22:01:09 $" "USER COMMANDS"
NAME
rwsnoop - snoop read/write events. Uses DTrace.
SYNOPSIS
rwsnoop [-jPtvZ] [-n name] [-p PID]
DESCRIPTION
This is measuring reads and writes at the application level. This
matches the syscalls read, write, pread and pwrite.
Since this uses DTrace, only the root user or users with the
dtrace_kernel privilege can run this command.
OS
Solaris
STABILITY
stable - needs the syscall provider.
OPTIONS
-j print project ID
-P print parent process ID
-t print timestamp, us
-v print time, string
-Z print zone ID
-n name process name to track
-p PID PID to track
EXAMPLES
Default output, # rwsnoop
Print zone ID, # rwsnoop -\Z
Monitor processes named "bash", # rwsnoop -n bash
FIELDS
TIME timestamp, us
TIMESTR time, string
ZONE zone ID
PROJ project ID
UID user ID
PID process ID
PPID parent process ID
CMD command name for the process
D direction, Read or Write
BYTES total bytes during sample
FILE filename, if file based. Reads and writes that are not file based, for example with sockets, will print "<unknown>" as the filename.
DOCUMENTATION
See the DTraceToolkit for further documentation under the
Docs directory. The DTraceToolkit docs may include full worked
examples with verbose descriptions explaining the output.
EXIT
rwsnoop will run forever until Ctrl-C is hit.
AUTHOR
Brendan Gregg
[Sydney, Australia]
SEE ALSO
rwtop(1M), dtrace(1M)
Indexes created Mon Apr 27 00:23:16 UTC 2026