Linux command
fatrace 命令
安全
权限或系统影响较大,执行前请核对目标。
常用示例
Example
sudo fatrace
Example
sudo fatrace -C [program_name]
Example
sudo fatrace -c
Example
sudo fatrace -t
Example
sudo fatrace -f RW
Example
sudo fatrace -s [10] -o [output.log]
说明
fatrace reports file access events from the kernel's fanotify interface. It shows which processes are accessing which files in real-time, helping identify processes causing unnecessary disk activity or wake-ups. Useful for debugging, security monitoring, and understanding application file access patterns.
参数
- -c, --current-mount
- Only record events on the partition/mount of the current directory.
- -C, --command _COMMAND_
- Show only events for this command name.
- -f, --filter _TYPES_
- Show only the given event types: C (close), R (read), O (open), W (write), D (delete), + (create), < (move).
- -o, --output _FILE_
- Write events to the given file instead of standard output.
- -p, --ignore-pid _PID_
- Ignore events for this process ID. Can be specified multiple times.
- -s, --seconds _SECONDS_
- Stop after the given number of seconds.
- -t, --timestamp
- Add timestamps to events. Specify twice for epoch format.
- -h, --help
- Print help and exit.
FAQ
What is the fatrace command used for?
fatrace reports file access events from the kernel's fanotify interface. It shows which processes are accessing which files in real-time, helping identify processes causing unnecessary disk activity or wake-ups. Useful for debugging, security monitoring, and understanding application file access patterns.
How do I run a basic fatrace example?
Run `sudo fatrace` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does -c, --current-mount do in fatrace?
Only record events on the partition/mount of the current directory.