Discussion:
Using regex matching in predicates
Vasanth Bhat
2011-02-16 14:17:49 UTC
Hi,

Is there a way to do regex-based comparison in predicates?

For example, if I want to look for only those processes which
open the file "myapp*.conf.*", how would this be done in a predicate?

syscall::open:entry
/(arg0 != NULL) && (copyinstr(arg0) == "myapp*.conf.*")/
{
    printf("File %s, opened by process %s[%d]\n", copyinstr(arg0), execname, pid);
}

I guess the above code will not work? What is the correct way to do this?

I would like to avoid using system() to run another shell script or d-script.

Thanks
Vasanth
Angelo Rajadurai
2011-02-16 14:44:27 UTC
Second try. My last email bounced.

Hey Vasanth:

You can try

syscall::open:entry
/strstr(copyinstr(arg0),"myapp")!=0/
{
    printf("File %s, opened by process %s[%d]\n", copyinstr(arg0), execname, pid);
}

-Angelo
_______________________________________________
dtrace-discuss mailing list
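
Added example, not part of the original thread: the strstr() predicate in the reply matches "myapp" anywhere in the path, so this D script narrows the match to the "myapp*.conf.*" pattern from the question using only D string subroutines. It assumes the pattern is meant to apply to the file's basename, and it copies the path in at open:return rather than at entry, so the user page holding the string is already resident.

```d
#!/usr/sbin/dtrace -s
#pragma D option quiet

/*
 * Emulate the glob "myapp*.conf.*" by splitting it into its literal parts:
 * the basename must start with "myapp" and contain ".conf." after that.
 */

syscall::open:entry
{
    /* Keep only the user-space pointer; the string is copied in at return. */
    self->path = arg0;
}

syscall::open:return
/self->path/
{
    this->base = basename(copyinstr(self->path));

    /* index() returns the offset of the substring, or -1 if it is absent. */
    this->prefix = index(this->base, "myapp");

    /* Start the search at offset 5, i.e. just past the "myapp" prefix. */
    this->conf = index(this->base, ".conf.", 5);
}

/* Clause-local (this->) values set above are still visible in this clause. */
syscall::open:return
/self->path && this->prefix == 0 && this->conf >= 5/
{
    printf("File %s, opened by process %s[%d]\n",
        copyinstr(self->path), execname, pid);
}

syscall::open:return
{
    /* Release the thread-local so it does not leak across calls. */
    self->path = 0;
}
```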