summaryrefslogtreecommitdiff
path: root/posts/watching-files.mdwn
blob: 2cfc77f15d595b0914ea6b79f039fdcf98ac242a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
[[!meta title="Dear Lazyweb…"]]
[[!meta author="Daniel Silverstone"]]
[[!meta date="2010-07-23 14:22:17 +0100"]]
[[!tag converted-badly-from-textile tech]]

I am wanting to monitor what processes perform IO on a couple of files.
Unfortunately there appears to be a big lack of ability to do this under
Linux.

There’s inotify which I can use to watch the files and see when IN_OPEN
and IN_ACCESS (read) events occur, but inotify doesn’t tell me who
(PID) did them.

There’s debugfs which I can use to monitor the open operations
(do_sys_open) but not the read events, so I can see who opens it, but
not how often or how much they read.

Is there any way to join this all up, and get the info I want, or is
Linux not currently capable of that level of tracing?

Yours frustratedly,

Daniel.

<hr />
Update: SystemTap was a nice idea, but it needs a custom kernel. I need
this to work on “stock” kernels ideally.