Menu
i know there's a fuser command that lists out pids of processes, but how do you continuously monitor what process accessed the file? (think behavior similar to tail -f filename)
say there's a process which writes to a file and releases the handle at some interval, so it's hard to catch that process using fuser.
852
Lsof is used on a file system to identify who is using any files on that file system. You can run lsof command on Linux filesystem and the output identifies the owner and process information for processes using the file as shown in the following output.
Navigate to Computer Configuration -> Windows Settings -> Security Settings ->Local Policies -> Audit Policy. Under Audit Policy, select 'Audit object access' and turn auditing on for both success and failure.
you could watch to execute commands at periodic intervals. Watch also supports a differences flag for purposes of highlighting differences on consecutive runs
watch -n 5 'fuser file_name'
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
