File monitor (like Sysinternal's Filemon) for Linux?

monitoring linux

Is there a file monitor, similar to FileMon from Sysinternals, for Linux?

I know about lsof, but this only shows me the files that were opened at the point I've executed it.


Solution 1:

A tool that works on Linux in similar way as the Sysinternals software can be found here: http://temasoft.com/products/filemonitor. It is an agent based, real-time file monitor for both Windows and Linux that can give you relevant details about various file operations, including the user name and process.

Note: I work for the company which develops this product.

Screenshot of the product

Solution 2:

The audit subsystem can tell you all sorts of things.

Solution 3:

Here is another application that does something related: http://archive09.linux.com/feature/124903. It's called kfsmd.

Here's an example of it in action:

$ mkdir /tmp/k
$ cd /tmp/k
$ date > df1.txt
$ date > df2.txt
$ kernel-filesystem-monitor-daemon-cat -v  watch .
setting up watch for:.
setting up watches
calling run
event on wd:1 . filename:df5.txt
CLOSE  URL:./df5.txt
event on wd:1 . filename:df5.txt
DELETE_FILE  URL:./df5.txt

Solution 4:

On the command line strace and ltrace may be what you want.

Solution 5:

SystemTap provides free software (GPL) infrastructure to simplify the gathering of information about the running Linux system. This assists diagnosis of a performance or functional problem. SystemTap eliminates the need for the developer to go through the tedious and disruptive instrument, recompile, install, and reboot sequence that may be otherwise required to collect data.

SystemTap provides a simple command line interface and scripting language for writing instrumentation for a live running kernel. We are publishing samples, as well as enlarging the internal "tapset" script library to aid reuse and abstraction.

Among other tracing/probing tools, SystemTap is the tool of choice for complex tasks that may require live analysis, programmable on-line response, and whole-system symbolic access. SystemTap can also handle simple tracing jobs.

http://sourceware.org/systemtap/

Related

Reset Bluetooth Components Without Having to Reboot
Last BIOS time on Task Manager
Outlook rule to *not* display a notification for certain messages
Apply changes in ~/.gitconfig
Creating video with audio and still image for YouTube
How to pass an argument to a Windows Scheduled Task with spaces in it
MySQL command line color prompt
Tunnel adapters on ipconfig?
Keyboard focus on first file in Windows explorer?
What file extensions should be used on GPG generated output?
Replacing Dropbox with: Amazon S3 + SSL + GPG/TrueCrypt + Mounting on OSX ?? [closed]
Excel chart with two X-axes (horizontal), possible?