I use "opensnoop" (/usr/bin/opensnoop) to show all files which are opened from different processes.
But when I want to specify a file with
sudo opensnoop -n "directory/filename"
I'm getting this error:
token too large, exceeds YYLMAX
I'm hunting around for a fix and found only this website. The author modified the opensnoop script:
this is due to line 154 in /usr/bin/opensnoop containing
inline string NAME = "'$pname'";
that produces a dtrace script with this quoting
inline string NAME = "foo' 'bar";
and the first single quote ends the dtrace invocation leaving its input script incomplete.
The quick patch is to replace line 154 with
inline string NAME = "'"$pname"'";
but I'm still getting this error message.
Can anybody help me? Or tell me another utility where I can show the app which is currently working with a specific file?
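What the unquoted expansion on line 154 does to a name containing a space, and what the patched quoting changes, as an added example that is not part of the original post or of opensnoop itself. fake_dtrace, the one-line D body and name_is_safe are assumptions standing in for the real dtrace call.

```shell
#!/bin/sh
# Stand-in for dtrace (hypothetical helper): records how many arguments
# arrived and the first one, which would be taken as the D program text.
fake_dtrace() {
    ARGC=$#
    PROGRAM=$1
}

# Constructed one-line D body; the real opensnoop script is much longer.
BODY='syscall::open:entry /execname == NAME/ { trace(copyinstr(arg0)); }'

# Form quoted in the question: $pname expands outside any quotes, so the
# shell word-splits (and globs) it before dtrace sees anything.
run_unquoted() {
    pname=$1
    fake_dtrace 'inline string NAME = "'$pname'"; '"$BODY"
}

# Patched form: $pname sits inside double quotes, so it stays one word.
run_quoted() {
    pname=$1
    fake_dtrace 'inline string NAME = "'"$pname"'"; '"$BODY"
}

# The value still lands inside a D string literal, so refuse characters
# that would end or escape that literal (assumed policy, not opensnoop's).
name_is_safe() {
    case $1 in
        *'"'*|*'\'*) return 1 ;;
    esac
    return 0
}

run_unquoted "System Preferences"
echo "unquoted: $ARGC args, program text: $PROGRAM"
run_quoted "System Preferences"
echo "quoted:   $ARGC args, program text: $PROGRAM"
name_is_safe 'a"; b' || echo 'rejected: a"; b'
```

In the unquoted case the program text stops inside an unterminated string literal and the rest of the script arrives as a second argument.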
Best Answer
-n is only meant to be used with process names like
sudo opensnoop -n System\ Preferences
To see what processes access a file, use
sudo opensnoop -f /tmp/a\ b.txt
The change mentioned in the blog post fixes -n but not -f. To fix both of them, edit /usr/bin/opensnoop and replace these lines:
With this: