fatrace - Man Page

report system wide file access events

Synopsis

fatrace [ Options ]

Description

fatrace reports file access events from all running processes.

It does not report file access by fatrace itself, to avoid logging events caused by writing the output into a file. It also ignores events on virtual and kernel file systems such as sysfs, proc, and devtmpfs.

Its main purpose is to find processes which keep waking up the disk unnecessarily and thus prevent some power saving.

By default, events are reported to stdout. This will cause some loops if you run this tool in e. g. gnome-terminal, as this causes a disk access for every output line. To avoid this, redirect the output into a file.

Output Format

A typical event looks like

rsyslogd(875): W /var/log/auth.log
compiz(1971): O device 8:2 inode 658203

The line has the following fields:

If you specify the --timestamp option, the first field will be the current time.

Options

-c, ā€‰--current-mount

Only record events on partition/mount of current directory. Without this option, all (real) partitions/mount points are being watched.

-o FILE, --output=FILE

Write events to given file instead of standard output.

-s SECONDS, --seconds=SECONDS

Stop after the given number of seconds.

-t, ā€‰--timestamp

Add timestamp to events. When this option is given once, the format will be a human readable hour:minute:second.microsecond; when given twice, the timestamp is printed as seconds/microseconds since the epoch.

-p PID, --ignore-pid=PID

Ignore events for this process ID. Can be specified multiple times.

-f TYPES, --filter=TYPES

Show only the given event types. TYPES is a list of C, R, O, W, D, +, or < with the above meanings. < and > both mean "move" and will always enable both directions.

E. g. use --filter=OC to only show open and close events.

-C COMMAND, --command=COMMAND

Show only events for this command.

-h , --help

Print help and exit.

Author

fatrace is developed by Martin Pitt <martin@piware.de>.

Info

August 20, 2020 Martin Pitt