Monitoring filesystem changes, made by programm/command/script

Simargol · 2015-06-11 11:00:11

Hello, guys. Archlinux is my first serious linux experience as desktop OS. I'm in a process of learning...

Often I want to view changes which some programm/command/script makes in file system: which files or directories were created/deleted/modified(only the status of being modified, not the difference).

Something like this:

or better

but maybe with a bit more powerful customisation:
Filter by certain process. I dont what to see every single change in file system. I want to see only changes invoked by certain process or it's children:
- Specify pid of running programm and watch changes, made by this programm.
- Specify pid of terminal and watch changes, made only by commands in this terminal.

I've tried inotify-tools. It is ok, but:
- it doesn't seem to have this process filter (major issue for me, reasons described above).
- it is doesn't have any gui wrapper (minor)

Is there anything like that? Do I want too much?

Last edited by Simargol (2015-06-11 11:09:16)

Spider.007 · 2015-06-11 11:13:20

Have a look at `man strace`. A nice GUI will be hard to find though...

charli3 · 2015-06-11 11:25:48

If you can't find one to your liking in the spirit of open source development you can see if there's something already being created and fork your own project or start a new one layered over your CL utility of choice.

Last edited by charli3 (2015-06-11 11:29:04)

Simargol · 2015-06-11 13:53:27

Spider.007 wrote:

Have a look at `man strace`. A nice GUI will be hard to find though...

Thx for pointing. I've played with it a bit. But it seems to be too lowlevel, it gives raw information. I couldn't make it give only necessary information (~ CREATE, MODIFY, DELETE file). Like inotifywait, for example:

[simargol@mdxb ~]$ touch bzz.txt
[simargol@mdxb ~]$ rm bzz.txt

[simargol@mdxb ~]$ inotifywait -m ~
Setting up watches.
Watches established.
/home/simargol/ CREATE bzz.txt
/home/simargol/ OPEN bzz.txt
/home/simargol/ ATTRIB bzz.txt
/home/simargol/ CLOSE_WRITE,CLOSE bzz.txt
/home/simargol/ DELETE bzz.txt

Simple and clean.
Overall, maybe it not as easy task as I thought.

charli3 wrote:

If you can't find one to your liking in the spirit of open source development you can see if there's something already being created and fork your own project or start a new one layered over your CL utility of choice.

Yes, but I thought that there could be a working solution. =/

Last edited by Simargol (2015-06-11 13:57:39)

Spider.007 · 2015-06-11 14:01:25

strace -e trace=open,close,read,write

isn't good enough? It's described in the manpage I pointed you to

Trilby · 2015-06-11 14:06:24

Depending on your final goal, you might also be interested in lsof. You can grep the output of lsof for a PID of a given process. However, this just gets a current snapshot, you'd have to use this in a loop to catch any filesystem "events", and then you may miss very fast actions (link/cp/mv or unlink/rm) that would complete between calls to lsof.

I do think parsing strace would be your best bet - just check out the man page, you might start with someting like the following:

strace -e trace=open,openat <your_command>

You could direct the stderr to a file for further parsing:

strace -e trace=open,openat <your_command> 2>trace
sed 's|[^"]*"\([^"]*\)".*|\1|' trace

Arch Linux

#1 2015-06-11 11:00:11

Monitoring filesystem changes, made by programm/command/script

#2 2015-06-11 11:13:20

Re: Monitoring filesystem changes, made by programm/command/script

#3 2015-06-11 11:25:48

Re: Monitoring filesystem changes, made by programm/command/script

#4 2015-06-11 13:53:27

Re: Monitoring filesystem changes, made by programm/command/script

#5 2015-06-11 14:01:25

Re: Monitoring filesystem changes, made by programm/command/script

#6 2015-06-11 14:06:24

Re: Monitoring filesystem changes, made by programm/command/script

Board footer