Hey Tim. I read through the manpage just to see whether or not I
missed an option, but it appears as though the lsof actually doesn't
insert itself into the filesystem open/close syscalls, but instead
just takes a sample every specified number of seconds and then an
awk/sed script is suggested to handle the output.. 

Yet you said you used it to debug pipe open/close pairs..? Was there
anything else you were using perhaps?

thanks,

marc tooley
marc@intekmedia.com

On Mon, 28 Dec 1998, Tim Rightnour wrote:

> Date: Mon, 28 Dec 1998 19:02:45 -0700 (MST)
> From: Tim Rightnour <root@garbled.net>
> To: marc@intekmedia.com
> Cc: netbsd-help@netbsd.org
> Subject: RE: File system auditing.. like SnoopDOS
> 
> 
> On 29-Dec-98 marc@intekmedia.com spoke unto us all:
> #  I have lsof--however running lsof constantly and parsing the output
> #  would not be an ideal solution. I've checked the manual pages and they
> #  say nothing about a continuous monitoring situation.
> 
> lsof is capable of running in continuous mode.. I think it was something like
> -r..  I've used it like this before to debug pipe open/close pairs.
> 
> It was in the manpage somewhere..
> 
> ---
> Tim Rightnour  -  root@garbled.net
> Free Multi-Platform Operating System: http://www.netbsd.org
> NetBSD Mailing lists on the web: http://mail-index.netbsd.org/mlist
>