ls -l /proc/$PID/fd/
(Both tricks are Linux only)
lsof -c [process name]
lsof -p [pid]
Not taking anything away from lsof as I do use it myself but I do also think there is also merit in learning the /proc file system too because it helps illuminate some of the not-so-hidden magic behind Linux. Even if you then still find lsof or similar become your preferred utility.
Edit: By monitoring things, I mean like finding how far through a dd is after you have started it already.
ls -al /proc/$PID/fd/ | wc -l
Useful for actually knowing what that specific process has open and is respecting your Max Open Files settings.
I'm looking at you Influx.
`strace -e trace=file`
I see that you are using ptrace to monitor a process. That is also used by strace. Is there something else your application does that strace does not (In relation to files)?
> Isn't this just a reimplementation of strace -fe trace=creat,open,openat,unlink,unlinkat ./program?
> Yes. Though it aims to be simpler and more user friendly.
edit: fatrace is system-wide, whereas the current tools monitors a specific process
read(3</proc/filesystems>, "", 1024) = 0
Maybe that is where the porting effort went.
This traces file events of a single process. Strace can be coaxed into something similar.
Because strace on Linux still fails with:
strace: ptrace(PTRACE_TRACEME, ...): Operation not permitted