Equivalent of SysInternals FileMon for Linux?

Solution 1:

You're looking for strace. Have a look here: https://wiki.ubuntu.com/Strace

Solution 2:

It depends on what you want:

• In the large, you want to look at inotify to see all file accesses that any process makes.

• In the small, strace will let you watch the syscalls a particular process makes. Strace is pretty awesome. You can trace a process's calls to 'open' by doing strace -f -eopen $cmd, for instance. The man page has full details on syntax, of course.

---

Solution 3:

strace in front of an starting application is good to watch what the app is doing.
lsof is nice to see which files an already running app is using.

BTW:
lsof -ni:22 shows which process is using Port 22.

---

Solution 4:

SGI has a tool that you might want to try: http://oss.sgi.com/projects/fam/