So there's been a bit of noise about a new sysadmin program from Sun called DTrace. From the home page:
DTrace provides a powerful infrastructure to permit administrators, developers, and service personnel to concisely answer arbitrary questions about the behavior of the operating system and user programs.
That sounds relatively boring. But check out this Introducing DTrace post.
Wow.
I don't do much sysadmin anymore, but when I did I wanted exactly that tool. I'd asked myself that question numerous times, and always came up short on ways to figure it out. Now, someone should wrap it in a application layer that focuses on detecting anomalous programs from a security perspective.