I am new to dtrace.

When I exec the code
sudo dtrace -n 'syscall::read:entry /execname != "dtrace"/ { @reads[execname, fds[arg0].fi_pathname] = count(); }'

then I exec cat filename in another console, but the console has nothing to display.

environment:
OS X 10.8.4
dtrace: Sun D 1.6.2

Do I need to configure something? How do I solve it?


Solution

Try sudo bash to launch a root shell, and then run dtrace directly without the sudo.

Here's an example to ponder:

root@macbook:~> sudo dtrace -n 'syscall::read:entry /execname != "dtrace"/ { @reads[execname, fds[arg0].fi_pathname] = count(); }'
dtrace: description 'syscall::read:entry ' matched 1 probe
^C

root@macbook:~> dtrace -n 'syscall::read:entry /execname != "dtrace"/ { @reads[execname, fds[arg0].fi_pathname] = count(); }'
dtrace: description 'syscall::read:entry ' matched 1 probe
^C

  bash                                                ??/<unknown (NULL v_name)>/ttys022                                1
  fseventsd                                           <unknown (not a vnode)>                                           1
  mds                                                 <unknown (not a vnode)>                                           1
  Terminal                                            <unknown (not a vnode)>                                           2
  firefox                                             <unknown (not a vnode)>                                           2
  activitymonitor                                     <unknown (not a vnode)>                                           3
  Terminal                                            ??/<unknown (NULL v_name)>/ptmx                                   5
  Activity Monito                                     <unknown (not a vnode)>                                           8
  Google Chrome H                                     <unknown (not a vnode)>                                          13
  Google Chrome                                       <unknown (not a vnode)>                                          15
  Google Chrome                                       ??/<unknown (NULL v_name)>/urandom                               72

Bizarrely, the use of sudo while already root causes the DTrace probes to not fire. I'm guessing sudo interferes with the DTrace privileges. This is new to me (obviously, I've only ever run dtrace from a root shell on Mac OS X to start with). I'm sure someone else can explain this better.

Other tips

Already late to that party, but what you can do instead of spawning a root shell is this.

Since you'll lose the output buffer (thus the output) when Ctrl-c-ing sudo, you could rewrite your script to dump the results using the profile provider.

The profile provider provides probes associated with a time-based interrupt firing every fixed, specified time interval.

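dtrace -s /dev/stdin

/* count read() calls per process and file, ignoring dtrace itself */
syscall::read:entry /execname != "dtrace"/
{
    @reads[execname, fds[arg0].fi_pathname] = count();
}
/* every 2 seconds: print the aggregation, then clear it */
profile:::tick-2sec
{
    printa(@reads);
    trunc(@reads);
}

Ctrl-d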


I agree with Brendan's answer, but I always try to avoid working with a persistent root shell, because I'm a rather sloppy and oblivious chap and sooner or later I'll work on using that root shell, which is a bad idea.

I hope the MacOS X developers will fix this sudo issue anytime soon.

In addition, I'd like to say that although there are several people out there who claim that sudo does interfere with dtrace behaviour, I've encountered nothing on that matter, except the loss of the file descriptors from the spawned process using ctrl-c.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow