One of the new 10.5 tools for developers is a program called dtrace -- you'll need the Developer Tools installed to use this tool. From man dtrace, you can learn...
The dtrace command is a generic front-end to the DTrace facility. The command implements a simple interface to invoke the D language compiler, the ability to retrieve buffered trace data from the DTrace kernel facility, and a set of basic routines to format and print traced data.
Users new to DTrace are encouraged to read: How To Use DTrace. Sun Microsystems, 2005.
Ever wondered what programs are accessing which files on your system? You can see that info in real time with dtrace. Launch it with this command, so it's waiting for input in Terminal:
sudo dtrace -s /dev/stdin
Then paste in this code, press Return once to get a blank line, and then press Control-D:
syscall::open*:entry
{
printf("%s %s", execname, copyinstr(arg0));
}
You'll then see something like dtrace: script '/dev/stdin' matched 3 probes, which refers to three different "open" constructs. What happens next is that you see file accesses start flowing by in real time, complete with info on which app is making the requests (press Control-C to stop it). Here's a portion of my output (without the CPU and ID columns):
open:entry mdworker /Users/robg
open:entry mdworker /Users/.DS_Store
open:entry mds .
open:entry Finder /.vol/234881026/190925/.DS_Store
open:entry WindowServer /var/log/windowserver.log
A couple of entries related to Spotlight (md...), the Finder, and the window server. Info like this could be useful if you were troubleshooting a drive-related problem.
Mac OS X Hints
http://hints.macworld.com/article.php?story=20071031121823710