osx - monitor all changes to files on UNIX system

17
2014-04
  • luca

    I'm trying to figure out what changes to disk an app does.. and it's very messy. I'd like a way to monitor my entire file system for a few seconds to know which files have been accessed and written to. I thought of checking the modified date.. but of course it takes ages to do that for every file... there must be a cleverer way!

  • Answers
  • Gordon Davisson

    Check out fs_usage (shows all filesystem activity), creatbyproc.d (just file creation), filebyproc.d (just file opens), opensnoop (similar, different format), and rwsnoop (reads and writes).

  • pboin

    For Linux, you'd check into 'inotify'. Quick research indicates the same tech for OSX is called 'kqueue'. It hooks into the filesystem and fires when events happen.

    As usual, IBM has an excellent article.


  • Related Question

    command line - List all content of all files in the directory UNIX
  • PaN1C_Showt1Me

    How to list all files-content in a directory?

    something like ls -la | cat.


  • Related Answers
  • Studer

    Use the following command, recursive :

    find /path/to/folder -type f -exec cat {} \;

    Non-recursive version (due to popular pression) :

    find /path/to/folder -maxdepth 1 -type f -exec cat {} \;

  • samueldr

    The following command:

    find ./ -type f -exec cat {} \;
    

    would find only files (-type f) from the current folder (./).

    Studer's answer is good, and excluding directories is a good idea because it is an undefined behavior between unices, read grawity's comment. Here are two known behaviors :

    • cat on Linux will throw an error message when trying to cat a directory cat: ./folder: Is a directory).
    • cat on FreeBSD will dump the raw directory, as stored on-disk.

    If you need more information about the command or something more about it, please reply and I will annotate more/help you.

    Edit: As John T pointed out, this command will go into every sub-directories. If you need only to cat files from the current directory, you would need -maxdepth 1, thus giving:

    find ./ -maxdepth 1 -type f -exec cat {} \;
    

    The -maxdepth n option can also be used to limit it to an n amount of sub-directories, 1 being the current directory, 2 being the current directory and its direct descendants, and so on.