FileMon for Linux (sort of…)

In Windows, Sysinternals (now Microsoft) programs FileMon and TcpMon allows things like if a process access a file and if it has trouble accessing, due to lack of permissions for example, and find out if some files or registry entries or something is missing…. and so on. It allows a very fast way to debug installation problems for example.

For Linux, an alternative is to execute the strace program:

strace -fo outputfile command&

tail -f outputfile

With the last command we can monitor in real time the process activity being done by the first command (the strace).

Because the output of the strace command is in the outputfile, you can after the monitoring session, process this file with tools like grep, cut and so on to search for the bit of information you need to know.

One thought on “FileMon for Linux (sort of…)

  1. Brilliant! I’ve been looking for something like this for ages. Filemon, regmon, and procmon were all invaluable in Windows for those times you need to do some real troubleshooting and I’ve been severely missing it in Linux!

    It’s true that it only does 1 process unlike procmon but tbh most of the time your only looking to troubleshoot 1 particular app anyway so it’s spot on (if you’re troubleshooting in reverse you’d use lsof or something instead.)

    Personally I don’t do it in real time, I just specify an output file, do what I need to do in the program then close it and open the output file with a text editor and scroll through it or search for keywords.

    Great tip thanks!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.