Log every file that a process accesses

Question

I want to be able to take a process on a Linux machine and log every file that it opens, reads, or writes during a certain time window.

For example, let's say that I suspect that Apache is using an incorrect file for some reason. How could I run the request that triggers the file open/read and then get a list of every file that was opened by the Apache process in order to debug it?

score 3 · Accepted Answer · answered Jul 07 '17 at 16:16

3

Strace is one way that comes to mind.

This answer discusses it in greater detail:

Can strace show me the filename/path for read/write syscalls

answered Jul 07 '17 at 16:16

quadruplebucky

5,139
20
23

score 0 · Answer 2 · answered Jul 07 '17 at 18:31

0

Auditd is built for this purpose. You can create simple rules to log specific forms of access by uid, gid, (greater or less than uid/gid), directory, filesystem, etc.

answered Jul 07 '17 at 18:31

Aaron

2,859
2
12
30

Log every file that a process accesses

2 Answers2