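#!/usr/bin/stap
#
# Prints the path of every file that was opened with open(2), read from and
# then closed, one path per line. The probes are system-wide, so paths opened
# by every process appear in the output unless the process name or the path
# prefix is on one of the ignore lists below. The script stops by itself after
# 600 seconds.
#
# NOTE: only syscall.open is probed; files opened through any other system
# call are not seen by this script.

global filenames      # tid -> path passed to an open() that has not returned yet
global filehandles    # [pid, fd] -> path of a successfully opened file
global fileread       # [pid, fd] -> sum of the byte counts requested by read()
global ignore_file    # path prefixes that are never reported
global ignore_proc    # process names whose files are never reported

probe begin {
    # Only the keys matter; the value 0 is a placeholder.
    ignore_file["/proc"] = 0
    ignore_file["/sys"] = 0
    ignore_file["/dev"] = 0
    ignore_file["/var/log"] = 0
    ignore_file["/var/run"] = 0
    ignore_file["/var/lock"] = 0
    ignore_file["/home"] = 0
    ignore_file["/tmp"] = 0

    ignore_proc["preload"] = 0
    ignore_proc["readahead"] = 0
    ignore_proc["readahead-collector"] = 0
}

probe syscall.open {
    # Keyed by thread id: two threads of one process can be inside open() at
    # the same time, and a pid() key would let one overwrite the other's path.
    filenames[tid()] = user_string($filename)
}

probe syscall.open.return {
    # A failed open returns a negative errno value here, not just -1, so every
    # negative value has to be rejected; otherwise bogus [pid, -errno] entries
    # are stored and never deleted.
    if ($return >= 0) {
        filehandles[pid(), $return] = filenames[tid()]
        fileread[pid(), $return] = 0
    }
    delete filenames[tid()]
}

probe syscall.read {
    # Count only descriptors recorded by the open probes. Counting every fd
    # (sockets, pipes, inherited descriptors) fills the fixed-size global array
    # with entries that are never reported.
    # $count is the size requested by the caller, not the number of bytes the
    # kernel actually returned.
    if ($count > 0 && [pid(), $fd] in filehandles) {
        fileread[pid(), $fd] += $count
    }
}

probe syscall.close {
    e = execname()
    do_ignore = 0
    if (e in ignore_proc)
        do_ignore = 1

    # Report only tracked files that had at least one non-empty read request.
    if (do_ignore == 0 && filehandles[pid(), $fd] != "" && fileread[pid(), $fd]) {
        # Plain prefix comparison: "/tmp" also matches a path such as "/tmpfoo".
        foreach (what in ignore_file)
            if (substr(filehandles[pid(), $fd], 0, strlen(what)) == what)
                do_ignore = 1

        if (do_ignore == 0) {
            # printf("%d %s %s %d\n", timestamp(), execname(),
            #        filehandles[pid(), $fd], fileread[pid(), $fd])
            printf("%s\n", filehandles[pid(), $fd]);
        }
    }

    # Drop the bookkeeping for this descriptor so a reused fd number starts clean.
    delete fileread[pid(), $fd]
    delete filehandles[pid(), $fd]
}

# Stop tracing after ten minutes.
probe timer.s(600) {
    exit()
}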