opensnoop is a command-line tool that comes preinstalled with Mac OS X allowing you to see what’s being modified in your filesystem. If you Google some tutorials on it, you’ll see that you can track a particular process name like Safari with code like
sudo opensnoop -n Safari
but if you try to do it with a process name that has a space in it, like Google Chrome, you’ll get a token too large, exceeds YYLMAX error.
The only fix I could find for it was in Italian. Here’s the original page, and then here’s the Google Translate (to English) version of that page.
It involves editing the actual binary file, so make sure you back it up first. If you edit it using nano, you can use the -B parameter to make an automatic backup first:
sudo nano -B /usr/bin/opensnoop
and then you’re just changing these lines inline string PATHNAME = “‘$pathname'”;
inline string NAME = “‘$pname'”;
to look like these lines instead: inline string NAME = “‘$pname'”;
inline string PATHNAME = “‘”$pathname”‘”;
inline string NAME = “‘”$pname”‘”;
You should then be able to run process names that have spaces in them. For example, inline string NAME = “‘”$pname”‘”;
sudo opensnoop -n “Google Chrome”
or sudo opensnoop -n Google\ Chrome