Fnotifystat is a utility I wrote to help identify such file system activity. My desire was to make the tool as small as possible for small embedded devices and to be relatively flexible without the need of using perf just in case the target device did not have perf built into the kernel by default.
By default, fnotifystat will dump out every second any file system open/close/read/write operations across all mounted file systems, however, one can specify the delay in seconds and the number of times to dump out statistics. fnotifystat uses the fanotify(7) interface to get file activity across the system, hence it needs to be run with CAP_SYS_ADMIN capability.
An open(2), read(2)/write(2) and close(2) sequence by a process can produce multiple events, so fnotifystat has a -m option to merge events and hence reduce the amount of output. A verbose -v option will output all file events if one desires to see the full system activity.
If one desires to just monitor a specific collection of processes, one can specify a list of the process ID(s) or process names using the -p option, for example:
sudo fnotifystat -p firefox,thunderbird
fnotifystat catch events on all mounted file systems, but one can restrict that by specifying just path(s) one is interested in using the -i (include) option, for example:
sudo fnotifystat -i /proc
..and one can exclude paths using the -x option.
More information and examples can be found on the fnotifystat project page and the manual also contains more details and some examples too.
Fnotifystat 0.01.10 is available in Ubuntu Vivid Vervet 15.04 and can also be installed for older releases from my power management tools PPA.
No comments:
Post a Comment