DevOps in Linux — opensnoop Command
Note: the full mind map is available at “DevOps in Linux Mind Map”.
What is opensnoop
opensnoop is a command-line utility that traces open() system calls, showing which files each process on a Linux system opens. It is a powerful tool for debugging, monitoring, and understanding how processes interact with the file system.
opensnoop is part of the BCC (BPF Compiler Collection) tools, a suite of tools and libraries for working with eBPF on Linux systems. The BCC tools are open-source, and you can find their source code on GitHub.
In the BCC (https://github.com/iovisor/bcc) repository, opensnoop is implemented as a Python script that utilizes the BCC library to interact with eBPF. The specific source code file for opensnoop can be found here: https://github.com/iovisor/bcc/blob/master/tools/opensnoop.py
An example output of opensnoop looks like:
$ sudo /usr/share/bcc/tools/opensnoop
PID    COMM   FD ERR PATH
3328   node   27   0 /proc/net/tcp
3328   node   27   0 /proc/net/tcp6
16678  node   31   0 /proc/18516/cmdline
7170   sh      3   0…
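An added example (not from the original post or the BCC project): a small Python parser for the PID/COMM/FD/ERR/PATH output shown above that flags permission-denied opens and reads of another process's /proc entries. The names parse and triage and every sample row after the first three are constructed for illustration; the example assumes FD is -1 and ERR holds the errno when an open fails.

```python
import errno
import re
from collections import Counter

# Constructed sample in the PID COMM FD ERR PATH layout; the first three
# rows carry the values shown on the page, the rest are made up.
SAMPLE = """\
PID    COMM               FD ERR PATH
3328   node               27   0 /proc/net/tcp
3328   node               27   0 /proc/net/tcp6
16678  node               31   0 /proc/18516/cmdline
4242   Web Content        -1   2 /etc/ld.so.preload
5151   backup.sh          -1  13 /etc/shadow
5151   backup.sh          -1  13 /root/.ssh/id_rsa
"""

# COMM may contain spaces, so anchor on the two integers (FD, ERR) after it.
ROW = re.compile(r"^\s*(\d+)\s+(.+?)\s+(-?\d+)\s+(\d+)\s+(\S.*)$")
PROC_PID = re.compile(r"^/proc/(\d+)/")

def parse(text):
    """Yield one dict per data row; the header and malformed lines are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            pid, comm, fd, err, path = m.groups()
            yield {"pid": int(pid), "comm": comm, "fd": int(fd),
                   "err": int(err), "path": path}

def triage(events):
    """Return (permission-denied opens, cross-process /proc reads, failures per PID)."""
    denied, cross_proc, failures = [], [], Counter()
    for e in events:
        if e["err"]:
            failures[e["pid"]] += 1
        if e["err"] in (errno.EACCES, errno.EPERM):
            denied.append(e)
        m = PROC_PID.match(e["path"])
        if m and int(m.group(1)) != e["pid"]:
            cross_proc.append(e)
    return denied, cross_proc, failures

if __name__ == "__main__":
    denied, cross_proc, failures = triage(parse(SAMPLE))
    for e in denied:
        print("DENIED", e["pid"], e["comm"], errno.errorcode[e["err"]], e["path"])
    for e in cross_proc:
        print("PROCFS", e["pid"], e["comm"], e["path"])
    print("failed opens per PID:", dict(failures))
```

To use it on live data, pass captured opensnoop output to parse() in place of SAMPLE.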