User: Password:
Subscribe / Log in / New account

The fanotify API

The fanotify API

Posted May 19, 2011 0:27 UTC (Thu) by anjwicks (guest, #75008)
In reply to: The fanotify API by rawler
Parent article: The fanotify API

A use case you mentioned is exactly why I'm interested in fanotify. I tried very hard to make inotify work for this purpose but could not get the information I needed (scan and parse /proc) in time (the event would be gone by the time I got around to finding it). The problem is, inotify simply didn't provide the pid of the process who triggered the event.

I am excited about fanotify and found out about it just in time. I want to thank Eric and the other guys who put in the work and provided the capabilities.

I'm going to try to use fanotify to help tune a Linux installation based on what software is actually being used. There is a tool out there like this called popcon, but it is difficult to get proper precision based on atime accesses.

Currently, I'm only interested in OPEN events and don't yet care about blocking events. So, this will work just fine.

The reason I mentioned all of this is because I'm under the impression the tool I need doesn't exist. So I'm off to try to make it. If anybody knows of something already completed, please stop me now! :) -jeff wicks

(Log in to post comments)

The fanotify API

Posted May 19, 2011 4:04 UTC (Thu) by dtlin (✭ supporter ✭, #36537) [Link]

Kinda expensive/verbose, but auditd would work, wouldn't it?

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds