如何查找哪些程序正在读取我的文件？

Question

观察进程打开哪些文件，或者哪些进程打开文件似乎是sysdig.

基本 opensnoop：监听文件在发生时打开
sysdig -p "%12user.name %6proc.pid %12proc.name %3fd.num %fd.typechar %fd.name" evt.type=open
观察名为 my.conf 的所有文件的 I/O 活动
sysdig -A -c echo_fds "fd.filename=my.conf"

福姆系统挖掘人

名称 sysdig - 权威的系统和进程故障排除工具

概要 sysdig [选项]... [过滤器]

描述。

   sysdig is a tool for  system  troubleshooting,  analysis  and  explo‐
   ration.   It  can  be used to capture, filter and decode system calls
   and other OS events.
   sysdig can be both used to inspect live systems, or to generate trace
   files that can be analyzed at a later stage.

   sysdig  includes  a powerul filtering language, has customizable out‐
   put, and can be extended through Lua scripts, called chisels.

Answer 1

观察进程打开哪些文件，或者哪些进程打开文件似乎是sysdig.

来自sysdig 示例页面

基本 opensnoop：监听文件在发生时打开
sysdig -p "%12user.name %6proc.pid %12proc.name %3fd.num %fd.typechar %fd.name" evt.type=open
观察名为 my.conf 的所有文件的 I/O 活动
sysdig -A -c echo_fds "fd.filename=my.conf"

福姆系统挖掘人

名称 sysdig - 权威的系统和进程故障排除工具

概要 sysdig [选项]... [过滤器]

描述。

   sysdig is a tool for  system  troubleshooting,  analysis  and  explo‐
   ration.   It  can  be used to capture, filter and decode system calls
   and other OS events.
   sysdig can be both used to inspect live systems, or to generate trace
   files that can be analyzed at a later stage.

   sysdig  includes  a powerul filtering language, has customizable out‐
   put, and can be extended through Lua scripts, called chisels.

如何查找哪些程序正在读取我的文件？

答案1

相关内容