The 2024 Developer Survey results are live! See the results

1. Home
2. Questions
3. Tags
5. Users
6. Jobs
7. Companies
8. Unanswered
Teams

Now available on Stack Overflow for Teams! AI features where you work: search, IDE, and chat.
Learn more Explore Teams
Teams
Ask questions, find answers and collaborate at work with Stack Overflow for Teams. Explore Teams

How do I live monitor on linux what files get accessed created modified and deleted?

Ask Question

Asked 8 years, 2 months ago

Modified 8 years, 2 months ago

Viewed 5k times

4

How do I monitor from this moment on what files get accessed / modified / created / deleted. (in live mode), similar to fseventer / fslogger?

edited May 7, 2016 at 19:07

DavidPostill♦

159k77 gold badges365 silver badges408 bronze badges

asked May 7, 2016 at 18:55

user1861388

951 gold badge3 silver badges7 bronze badges

Now I changed the title, as I'm interested about the process, not to shop anything.
– user1861388
Commented May 7, 2016 at 19:05

Add a comment |

1 Answer 1

Sorted by:

9

On unix system you can use inotify-tools, built on top of inotify kernel subsystem API.

By inotifywait you can have live mode monitoring on standard output:

inotifywait -m -r -e access -e modify -e create -e delete --format 'PATH:%w%f EVENTS:%,e' {{path_to_monitor}}

Notes:

-m: monitor indefinitely
-r: recursive monitor
-e: specify file system events to be monitored
--format: specify the output of the command

Example (command performed on monitored directory followed by realtime inotifywait output):

$ cd {{path_to_monitor}}
$ touch test
PATH:./test EVENTS:CREATE
$ rm test
PATH:./test EVENTS:DELETE

answered May 7, 2016 at 21:21

lgaggini

3062 silver badges4 bronze badges

Add a comment |

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged
filesystems
logging
monitoring
watch
.