Note: This quesiton is NOT show me which files are in use. The file is not currently in use. The file will be in use at some unknown point in the future. At that point, I want to know what process accessed the file.
I would like to be able to track a file and see which process is touching that file. Is that possible? I know that I can see the list of open processes in activity monitor but I think it's happening to quickly for me to see it. The reason for this is I'm using a framework and I think the system version of the framework is being used instead of the debug version and I'd like to see which process is touching it.
That's simple: sudo fs_usage | grep [path_to_file]
lsof will list open files, but it can be a bit awkward for momentary touches (eg, if the file isn't open when lsof runs, it doesn't show).
I think your best bet would be fernLightning's fseventer.app. It's "nagware", and allows you to watch (graphically) the fsevents API in real-time.
But I spent 2 minutes Googling and found your answer here.
$ lsof | grep [whatever]
Where [whatever] is replaced with the filename you're looking for.
With this, you can see which program is desperately holding onto your
about-to-be-trashed file. Once you exit that program, your trash will
empty.
The faster way is:
$ lsof -r [path_to_file]
This solution doesn't require the root password and gives you back the following, clear, result:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
Finder 497 JR7 21r REG 1,2 246223 33241712 image.jpg
QuickLook 1007 JR7 txt REG 1,2 246223 33241712 image.jpg
The -r argument keeps the command alive and should log any new file touched by the process you want to track.
Another option is Sloth. It's a free, open source GUI for LSOF that others have mentioned.
Related
To list dir in my GIT BASH Terminal I use the following command
ls -al | less (to show one page at a time).
However upon exiting from the listing using ZZ or Q, the display on the terminal is getting refreshed and I am losing all the content just listed, and I am going back to the command line.
What would be nice is to use CTL-C key combination out of the ls listing at the point where I want it, and to keep that content displayed on the terminal so I can copy the file name or whatever. Any suggestions how to solve this problem?
My .bashrc file is pretty minimal and I don't have much going on there.
Reproduced here.
alias 'll=ls -al|less'
PS1="\$PWD:\d\n\$"
Thanks for any pointers.
I'm downloading multiple links using aria2c using a list of links. At the end of the download run, aria2c outputs a summary table on the terminal like so:
Download Results:
gid |stat|avg speed |path/URI
======+====+===========+============
1d11bc|OK | 23KiB/s|/mnt/72B627...
I want to:
Make the table show the original links from where the download happened
Save this table to a file.
In the docs all I've found is --download-result=<OPT> which might help towards 1 but I can't find anything hinting towards 2. Is there any option in aria2c to save that summary table? If not, then is there a way to capture it from terminal output but not have to capture all the other stuff?
This might be something very obvious but I'm not able to find anything for this right now. Just for completeness, i'm on an Ubuntu OS and using aria2c in the Terminal.
With logging --log and --log-level maybe you can generate the table again.
I am using fswatch to monitor a directory and run a script when video files are copied into that directory:
fswatch -o /Path/To/Directory/Directory | xargs -n 1 sh /Path/To/Script/Script.sh
The problem is that the file is often not completed its copy before the script is actioned. The files are video files of varying size. Small files are OK, larger files are not.
How can I delay the fswatch notification until the file has completed its copy?
First of all, the behaviour of the fswatch "monitors" is OS-specific: when asking question about fswatch you'd better specify the OS you use.
However, there's no way to do that using fswatch alone. A process may open a file for writing and keep it open for an amount of time sufficiently long for the OS to send multiple events. I'm afraid there is nothing fswatch can do about it.
An alternate approach may be using another tool to check whether the modified file is currently open: if it is not, then run your script, otherwise skip it and wait for its next event. Such tools are OS-specific: in OS X and Linux you may use lsof. Beware this approach does not protect you from another process opening that file while your script is running.
From what I see, network mapped drives appear as subfolders of the /Volumes folder.
What is the proper way to get file changes updates (delete/create/update) from this folder?
Would /dev/fsevents work for that?
How does Finder know about the changes?
You're correct, OS X mounts the network drives in /Volumes
The way to get file change updates is to use File System Events API. It is a C-based API where you would watch for all changes in specific directories (or even /).
You would create the stream with FSEventStreamCreate and starting it with FSEventStreamScheduleWithRunLoop
Be prepared to dig into the header-file as there is more documentation on it as in the Reference documentation
From what I can tell, Finder probably uses some internal API or the kernel queues which are more complex to setup than the higher-level API of FSEvents.h
There is a nice GUI to helping you see how the whole events come in. It's called fseventer by fernlightning (not yet Yosemite ready)
You can use fswatch, which I find easest to install via homebrew. And, yes it does use FSEvents. Then you just do:
fswatch /Volumes/MUSIC
where MUSIC is a Samba-based music server on my network.
Here is how it looks in action... first I show the mounted volumes (and that MUSIC is Samba based) in the top window, then I start fswatch in the bottom left window, then I make modifications in the filesystem in the top window and you can see them happen in the Finder and also see in the bottom left window that fswatch tracks all the events.
You can also use it to interact with another program whenever events are detected, like this (extracted from the fswatch manpage):
Probably the simplest way to pipe fswatch to another program in order to respond to an event is
using xargs:
$ fswatch -0 [opts] [paths] | xargs -0 -n 1 -I {} [command]
fswatch -0 will split records using the NUL character.
xargs -0 will split records using the NUL character. This is required to correctly match
impedance with fswatch.
xargs -n 1 will invoke command every record. If you want to do it every x records, then
use xargs -n x.
xargs -I {} will substitute occurrences of {} in command with the parsed argument. If
the command you are running does not need the event path name, just delete this option.
If you prefer using another replacement string, substitute {} with yours.
Here is what I am trying to do: I need to know whenever a file is read or used by a tool (e.g. compiler). I use ls to get the last accessed time using the following command
ls -l --time=access -u --sort=time --time-style=+%H:%M:%S
or
stat "filename"
But my files access times are not getting updated, I figured its because of caching! please correct me if I am wrong. So my next step was how can I clear the cache, researching it I came across some variations of the following command:
sync && echo 3 | sudo tee /proc/sys/vm/drop_caches
The thing is even after I execute this command my file access time is not updated! My way of testing access time is by opening the file in gEdit or call gcc on my source file.
My setting: Ubunto 12.0.4 running on VMware, which is running on Win 7
Question: what am I missing or doing wrong that my access time is not being updated??
What you're observing is the change in the default mount option starting 2.6.30 in order to bring about filesystem performance improvement.
Quoting from man mount:
relatime
Update inode access times relative to modify or change time.
Access time is only updated if the previous access time was ear‐
lier than the current modify or change time. (Similar to noat‐
ime, but doesn't break mutt or other applications that need to
know if a file has been read since the last time it was modi‐
fied.)
Since Linux 2.6.30, the kernel defaults to the behavior provided
by this option (unless noatime was specified), and the stricta‐
time option is required to obtain traditional semantics. In
addition, since Linux 2.6.30, the file's last access time is
always updated if it is more than 1 day old.
(Also refer to this and this.) You might be looking for the following mount option:
strictatime
Allows to explicitly requesting full atime updates. This makes
it possible for kernel to defaults to relatime or noatime but
still allow userspace to override it. For more details about the
default system mount options see /proc/mounts.