1 files changed, 56 insertions, 0 deletions

diff --git a/Man/man1m/filebyproc.d.1m b/Man/man1m/filebyproc.d.1m
new file mode 100644
index 000000000000..23b56481662b
--- /dev/null
+++ b/Man/man1m/filebyproc.d.1m
@@ -0,0 +1,56 @@
+.TH filebyproc.d 1m  "$Date:: 2007-08-05 #$" "USER COMMANDS"
+.SH NAME
+filebyproc.d \- snoop opens by process name. Uses DTrace.
+.SH SYNOPSIS
+.B filebyproc.d
+.SH DESCRIPTION
+filebyproc.d is a DTrace OneLiner to print file pathnames as they are
+opened, including the name of the process calling the open.
+A line will be printed regardless of whether the open is actually
+successful or not.
+
+This is useful to learn which files applications are attempting to
+open, such as config files, database files, log files, etc.
+
+Docs/oneliners.txt and Docs/Examples/oneliners_examples.txt
+in the DTraceToolkit contain this as a oneliner that can be cut-n-paste
+to run.
+
+Since this uses DTrace, only the root user or users with the
+dtrace_kernel privilege can run this command.
+.SH OS
+Solaris
+.SH STABILITY
+stable - needs the syscall provider.
+.SH EXAMPLES
+.TP
+This prints new process name and pathnames until Ctrl\-C is hit.
+# 
+.B filebyproc.d
+.PP
+.SH FIELDS
+.TP
+CPU
+The CPU that recieved the event
+.TP
+ID
+A DTrace probe ID for the event
+.TP
+FUNCTION:NAME
+The DTrace probe name for the event
+.TP
+remaining fields
+The first is the name of the process, the second is the file pathname.
+.PP
+.SH DOCUMENTATION
+See the DTraceToolkit for further documentation under the 
+Docs directory. The DTraceToolkit docs may include full worked
+examples with verbose descriptions explaining the output.
+.SH EXIT
+filebyproc.d will run forever until Ctrl\-C is hit.
+.SH AUTHOR
+Brendan Gregg
+[Sydney, Australia]
+.SH SEE ALSO
+opensnoop(1M), dtrace(1M), truss(1)
+