Difference between revisions of "Log filesystem changes"
From Noah.org
Jump to navigationJump to search (Created page with 'Category:Engineering Sometimes I want to see a log of every single filesystem access by any process. This can be done with '''inotify''', but it would…') |
m |
||
| Line 1: | Line 1: | ||
[[Category:Engineering]] | [[Category:Engineering]] | ||
| − | Sometimes I want to see a log of every single filesystem access by any process. This | + | Sometimes I want to see a log of every single filesystem access by any process. This could be done with '''[[Inotify,_FAM,_Gamin|inotify]]''', but it would be slow to register the root directory of a large filesystem. |
| + | This is dumb: | ||
<pre> | <pre> | ||
inotifywatch -e modify -r / | inotifywatch -e modify -r / | ||
Revision as of 01:35, 4 March 2010
Sometimes I want to see a log of every single filesystem access by any process. This could be done with inotify, but it would be slow to register the root directory of a large filesystem.
This is dumb:
inotifywatch -e modify -r /
I wondered why there wasn't some log option to log everything at the kernel level that goes in or out of the block layer. It turns out that there is just such an option. It logs everything to the kernel log (dmesg). This generates a lot of noise, so you wouldn't want to leave it on all the time. The following demonstrates how to turn on logging for the filesystem:
# Turn on block device logging to dmesg. echo 1 > /proc/sys/vm/block_dump # Use one of the following three ways to observe the contents of dmesg: tail -f /var/log/syslog tail -f /var/log/kern.log while true; do dmesg -c; sleep 1; done; # Turn off block device logging to dmesg. echo 0 > /proc/sys/vm/block_dump
