The FreeBSD Diary

The FreeBSD Diary (TM) Remember
I remember

Things look quiet here. But I've been doing a lot of blogging at because I prefer WordPress now. Not all my posts there are FreeBSD related. I am in the midst of migrating The FreeBSD Diary over to WordPress (and you can read about that here). Once the migration is completed, I'll move the FreeBSD posts into the new FreeBSD Diary website.

watch - making it work 29 November 1999
Need more help on this topic? Click here
This article has 1 comment
Show me similar articles
watch allows you to snoop on another terminal.  It's for superuser only.
Why use watch?
Sometimes, often for security purposes, it is useful to see what someone is doing.   Perhaps you found someone cracking into your system and you want to see what they're doing.  I dunno.  Maybe you're just nosy.
What does watch need?
watch needs the following kernel option:
pseudo-device snp     3

This allows for four snoop devices.  I think you need one for each concurrent watch session.  I'm not sure.  You should add the following to your kernel and recompile.  This is pretty easy.  Then you will need to follow the Handbook instructions Building and Installing a Custom Kernel.

watch also needs the snoop devices.  You should do the following:

cd /dev
./MAKEDEV snp0
./MAKEDEV snp1
./MAKEDEV snp2
./MAKEDEV snp3
That should give you the devices you need.
The error
If you get the following error, then you didn't do the steps in the previous section.   Bad!  Go back and try again.
# watch ttyp1

watch: fatal: cannot open snoop device

If you get this error, then the next section will show you what to do.

Running watch
Here's how I did it:
# who
dan              ttyp0   Nov 27 17:35   (
dan              ttyp1   Nov 28 12:36   (
# watch ttyp1

Or, if you want to be able to write to the other terminal, try this:

# watch -W ttyp1

Need more help on this topic? Click here
This article has 1 comment
Show me similar articles