I found in IOStat, that some part of my application is writing extensively, but I don't know which process it is and what files it is writing to. In Vista there is a tool fo that which shows the files that have been active in the last 30 Seconds. Is there something similar for Linux?
Asked
Active
Viewed 2.3k times
14
-
Just out of curiosity: I know filemon, but what tool in Vista are you referring to? – Ludwig Weinzierl Jul 25 '09 at 21:20
-
@Ludwig Control Panel -> Administrative Tools -> Reliability and Performance Monitor. Then click the bar which says Disk. It shows the most active files and which processes are reading or writing. – Kevin Panko Jul 25 '09 at 21:32
-
It's on ServerFault already: http://serverfault.com/questions/224629/see-what-files-are-being-written-to-like-iotop-but-for-files-not-processes – Dan Dascalescu Feb 07 '14 at 09:29
7 Answers
9
strace -e trace=file -- <command>
will show you exactly what files your application is reading and writong
ThorSummoner
- 16,657
- 15
- 135
- 147
PiedPiper
- 5,735
- 1
- 30
- 40
-
-
It won't work on a whole tree but you can use the '-p pid' option to attach to up to 32 processes – PiedPiper Jul 28 '09 at 14:42
-
3or use '-f' to trace child processes as they are created by currently traced processes as a result of the fork(2) system call – PiedPiper Jul 28 '09 at 14:48
8
If you want to see all the file accesses in real time (up to 32 processes) you can use this command:
strace -f -e trace=file `ps aux | tail -n +2 | awk '{ORS=" "; print $2}' | sed -e 's/\([0-9]*\)/\-p \1 /g' | sed -e 's/\-p $//g'`
William Pursell
- 204,365
- 48
- 270
- 300
leszek.hanusz
- 5,152
- 2
- 38
- 56
-
1system crashed a few seconds after pasting this into ssh, afraid to try again :o where does the 32 processes limit come from? – Spikolynn Nov 04 '21 at 00:37
3
To find all files modified in the last 24 hours (last full day) in a particular specific directory and its sub-directories:
find /directory_path -mtime -1 -print
more at:
Finer Recliner
- 1,579
- 1
- 13
- 21
-
And is there also some way to monitor the activity (read write kb/s) on individual files? The server is quite active and many files get changed, but I need those with the highest transfer... – smint Jul 25 '09 at 20:56
3
What you are looking for is lsof.
It's a command line tool but there is also a GUI for it at sourceforge.
Ludwig Weinzierl
- 15,980
- 10
- 45
- 49
2
Not sure of a program but the find command in utility has a lot of options which will allow you to find files and/or directories that have been modified within a certain time period.
For example:
$ find /home/you -iname "*.txt" -mtime -1 -print
Would find text files that were last modified 1 days ago.
You could wrap this call in some sort of script or write your own quick little app to use the results.
Here's a site with some more info and examples:
cakeforcerberus
- 4,657
- 6
- 32
- 42
1
Linux provides a file change notification API called "dnotify", along with a command line utility dnotify. You can use that to keep track of the changes over the last 30s.
I would probably write an application that builds directly on the Linux API, and discards all events older than 30s.
Martin v. Löwis
- 124,830
- 17
- 198
- 235