-1

I would like to, from time to time, enable server-wide file monitoring that will show me all files being modified, updated and created while I have it running and thus simply spewing forth a list of files modified until I hit control-c.

This is specifically for a Linux server (CentOS 6.5).

How can I do this?

ylluminate
  • 1
    More context, please. – ewwhite Jul 07 '14 at 23:58
  • @ewwhite why is more context needed? As stated, I am simply wanting to monitor all files that are modified (or created) server-wide. All files. There's nothing else to add. This is for a specific purpose that is not necessary to explain further except that I need this capability. I want to be able to then grep through the output as needed to filter out the paths that I don't want if any exist, etc. – ylluminate Jul 08 '14 at 00:11
  • 4
    More context is always helpful because it may trigger a use case that someone else has already experienced or developed a solution for. It also helps us avoid the [XY Problem](http://meta.stackexchange.com/a/66378/189200)... – ewwhite Jul 08 '14 at 00:16
  • In this case I am searching for all files that various processes modify during certain intervals. These processes are varied and many. I am simply needing to find what files they are modifying, as some of these processes are storing data in non-standard locations as well as keeping logs in non-standard locations, and I need to understand where these files are and what they are so that I can isolate various issues happening in each of these processes' configurations. – ylluminate Jul 08 '14 at 00:22
  • You might want to look at `lsof` then. – melsayed Jul 08 '14 at 00:38
  • Well `lsof` is not entirely responsive enough to yield the realtime results that I'm hoping to achieve. – ylluminate Jul 08 '14 at 00:49

2 Answers

4

sysdig has turned out to be the solution I've been looking for.

Their wiki has some exceptionally interesting examples for Disk I/O and so much more:

Disk I/O

  • See the top processes in terms of disk bandwidth usage

    sysdig -c topprocs_file

  • List the processes that are using a high number of files

    sysdig -c fdcount_by proc.name "fd.type=file"

  • See the top files in terms of read+write bytes

    sysdig -c topfiles_bytes

  • Print the top files that apache has been reading from or writing to

    sysdig -c topfiles_bytes proc.name=httpd

  • Basic opensnoop: snoop file opens as they occur

    sysdig -p "%12user.name %6proc.pid %12proc.name %3fd.num %fd.typechar %fd.name" evt.type=open

  • See the top directories in terms of R+W disk activity

    sysdig -c fdbytes_by fd.directory "fd.type=file"

  • See the top files in terms of R+W disk activity in the /tmp directory

    sysdig -c fdbytes_by fd.filename "fd.directory=/tmp/"

  • Observe the I/O activity on all the files named 'passwd'

    sysdig -A -c echo_fds "fd.filename=passwd"

  • Display I/O activity by FD type

    sysdig -c fdbytes_by fd.type

ylluminate
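As an added example (not part of the original answer and not shipped with sysdig), the output of the "opensnoop" command above can be reduced to a live list of distinct files per process. The function name `new_files`, the `EXCLUDE_RE` variable and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: de-duplicate and filter sysdig "opensnoop" output.
# Input columns are those of the -p format string in the answer:
#   user.name  proc.pid  proc.name  fd.num  fd.typechar  fd.name
# Assumption: user and process names contain no whitespace.

# Hypothetical default: skip pseudo-filesystems, which are rarely of interest.
EXCLUDE_RE=${EXCLUDE_RE:-'^/(proc|sys|dev)/'}

# new_files: print "proc.name<TAB>path" the first time each pair is seen.
# Each line is flushed immediately, so nothing is lost when the pipeline
# is stopped with Ctrl-C.
new_files() {
    awk -v exclude="$EXCLUDE_RE" '
        NF >= 6 && $5 == "f" {          # fd.typechar "f" = regular file
            path = $0
            # Strip the five leading columns; what remains is the path,
            # which may itself contain spaces.
            for (i = 1; i <= 5; i++) sub(/^[ \t]*[^ \t]+/, "", path)
            sub(/^[ \t]+/, "", path)
            if (path ~ exclude) next
            key = $3 "\t" path
            if (!(key in seen)) {
                seen[key] = 1
                print key
                fflush()
            }
        }'
}

# Constructed sample input (not captured from a real system).
sample_events() {
    cat <<'EOF'
        root   1201        httpd   9 f /var/log/httpd/access_log
        root   1201        httpd   9 f /var/log/httpd/access_log
      apache   1310        httpd  11 f /opt/app/data/cache 01.tmp
        root    877        crond   4 f /proc/meminfo
    postgres   2044     postgres   7 f /srv/pgdata/base/1/1259
        root   1500      rsyslog   3 p /var/run/app.fifo
EOF
}

# Live use, with the command from the answer:
#   sysdig -p "%12user.name %6proc.pid %12proc.name %3fd.num %fd.typechar %fd.name" evt.type=open | new_files
```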
2

You can check out inotify-tools.

melsayed