HPE Community
Operating System - HP-UX
1827742 Members
3355 Online
109969 Solutions
New Discussion

Script to trouble shoot.

 
brian_31
Super Advisor

‎07-23-2002 08:19 AM

‎07-23-2002 08:19 AM

Script to trouble shoot.

Hi Team:

Trying to put up a small script which would help in trouble shooting. Say a particular application launches itself fine on one box but not on the other.I need to find all the files it touches upon before it comes up on one box and it may not touch up that file on the other. Here is something i thought..

touch file1
echo please wait....
sleep 15 (you can change this depending on the timeframe you require)
touch file2
find / -newer file1 ! -newer file2
echo completed

Can someone think better please..

Thanks
Brian.
0 Kudos
Reply
6 REPLIES 6
Rodney Hills
Honored Contributor

‎07-23-2002 08:58 AM

‎07-23-2002 08:58 AM

Re: Script to trouble shoot.

Trying to find files used by an application is a challenge-

Using "find / -newer ..." is good to see what files have been modified, but doesn't show those files that were only read. The use of file2 shouldn't be needed if you execute the find right after the application terminates.

Two products that can follow a process as files are opened are "glance" and "lsof". Unfortunatelly these are only snapshot views as the process runs.

Another possibility is if you have already configured your system as a "trusted system", their are tools to track all file access events. If you are not a "trusted system", don't jump into it lightly. Their are other ramifications that I consider negative to going to a trusted system.

Hope this helps...

-- Rod Hills
There be dragons...
0 Kudos
Reply
brian_31
Super Advisor

‎07-23-2002 09:07 AM

‎07-23-2002 09:07 AM

Re: Script to trouble shoot.

Hi:

True. It track only the files that have been modified, but is there a way that we could track the files that have been read also?

Thanks
Brian.
0 Kudos
Reply
Volker Borowski
Honored Contributor

‎07-23-2002 11:23 AM

‎07-23-2002 11:23 AM

Re: Script to trouble shoot.

Should work,

try "-anewer" a=accessed

Volker

Ref: http://www.nsa.gov/selinux/doc/man/find.1.html
0 Kudos
Reply
Wodisch_1
Honored Contributor

‎07-23-2002 11:40 AM

‎07-23-2002 11:40 AM

Re: Script to trouble shoot.

Hi Brian,

convert your system to "trusted" and then "audit" the file access for everybody (or only some users).

HTH,
Wodisch
0 Kudos
Reply
brian_31
Super Advisor

‎07-24-2002 07:15 AM

‎07-24-2002 07:15 AM

Re: Script to trouble shoot.

Hi:
Thanks. so this should work and also print out the files that were read...

touch file1
echo please wait....
sleep 15 (you can change this depending on the timeframe you require)
touch file2
find / -anewer file1 ! -anewer file2
echo completed

is this correct?

Please advise.

Thanks
Brian.
0 Kudos
Reply
Peter Kloetgen
Esteemed Contributor

‎07-24-2002 07:21 AM

‎07-24-2002 07:21 AM

Re: Script to trouble shoot.

Hi Brian,

i would do the following find command:

find / -anewer file1 -a ! -anewer file2

the -a option is the logical operator for a "and" operation.

Allways stay on the bright side of life!

Peter
I'm learning here as well as helping
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.