Monitoring file activity on Linux hosts

While reviewing one of my Linux hosts, I noticed that a bunch of write activity was occurring to one specific file system. I was curious to see what this write activity was, so I started reading up on the Linux inotify framework. Inotify allows you to monitor file system events, and the super useful iwatch utility provides a command line interface to the inotify framework. When iwatch is executed and passed the name of a directory on the command line, it will print all of the events that are applicable to that directory:

$ iwatch -v /tmp

This command line will cause a line to be printed to STDOUT each time an operation in /tmp triggers an event. If you would prefer to get an e-mail when events occur, you can add the “-m” option followed by the address to notify (user@example.com below is a placeholder):

$ iwatch -v -m user@example.com /tmp

This utility rocks, and I hope Solaris will provide a similar utility to take advantage of their notification framework.
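
The inotify interface that iwatch sits on top of can also be used directly. The following C program is an added example, not code from the original post or from iwatch; it watches a directory and decodes the variable-length event records the kernel returns. The function name decode_events and the choice of event mask are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/inotify.h>

#define WATCH_MASK (IN_CREATE | IN_MODIFY | IN_CLOSE_WRITE | IN_DELETE | \
                    IN_MOVED_FROM | IN_MOVED_TO)
static const struct { uint32_t bit; const char *name; } EVENTS[] = {
    { IN_CREATE, "IN_CREATE" },           { IN_MODIFY, "IN_MODIFY" },
    { IN_CLOSE_WRITE, "IN_CLOSE_WRITE" }, { IN_DELETE, "IN_DELETE" },
    { IN_MOVED_FROM, "IN_MOVED_FROM" },   { IN_MOVED_TO, "IN_MOVED_TO" },
};

/* Added example (decode_events is an illustrative name, not an iwatch API).
 * Walks a buffer filled by read(2) on an inotify descriptor. Each record is
 * a fixed header followed by ev.len bytes of NUL-padded file name. Prints
 * one line per event bit, stores the record count in *count and returns the
 * OR of every mask seen. A record cut off at the buffer end is skipped. */
uint32_t decode_events(const char *buf, ssize_t len, const char *dir, int *count)
{
    uint32_t seen = 0;
    size_t off = 0, total = len > 0 ? (size_t)len : 0;
    *count = 0;
    while (off + sizeof(struct inotify_event) <= total) {
        struct inotify_event ev;
        memcpy(&ev, buf + off, sizeof ev);      /* header may be unaligned */
        if (ev.len > total - off - sizeof ev) break;   /* truncated record */
        for (size_t i = 0; i < sizeof EVENTS / sizeof EVENTS[0]; i++)
            if (ev.mask & EVENTS[i].bit)
                printf("%s %s/%.*s\n", EVENTS[i].name, dir,
                       (int)ev.len, buf + off + sizeof ev);
        seen |= ev.mask;
        (*count)++;
        off += sizeof ev + ev.len;
    }
    return seen;
}

int main(int argc, char **argv)
{
    const char *dir = argc > 1 ? argv[1] : "/tmp";   /* directory to watch */
    char buf[4096];
    int count, fd = inotify_init();
    if (fd < 0 || inotify_add_watch(fd, dir, WATCH_MASK) < 0) { perror("inotify"); return 1; }
    for (ssize_t n; (n = read(fd, buf, sizeof buf)) > 0; )
        decode_events(buf, n, dir, &count);
    perror("read");
    return 1;
}
```

A watch set this way covers only the named directory, not its subdirectories; each subdirectory needs its own inotify_add_watch call.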

This article was posted by Matty on 2009-02-28 11:12:00 -0400