2017-10-27 05:03:43 +01:00
|
|
|
# opensnoop
|
|
|
|
|
|
|
|
> Tool that tracks file opens on your system.
|
2022-02-14 11:21:43 +00:00
|
|
|
> More information: <https://ss64.com/osx/opensnoop.html>.
|
2017-10-27 05:03:43 +01:00
|
|
|
|
|
|
|
- Print all file opens as they occur:
|
|
|
|
|
|
|
|
`sudo opensnoop`
|
|
|
|
|
|
|
|
- Track all file opens by a process by name:
|
|
|
|
|
2022-02-14 11:21:43 +00:00
|
|
|
`sudo opensnoop -n "{{process_name}}"`
|
2017-10-27 05:03:43 +01:00
|
|
|
|
|
|
|
- Track all file opens by a process by PID:
|
|
|
|
|
|
|
|
`sudo opensnoop -p {{PID}}`
|
|
|
|
|
|
|
|
- Track which processes open a specified file:
|
|
|
|
|
|
|
|
`sudo opensnoop -f {{path/to/file}}`
|