inotify-watch-finder

command module

v0.1.0 Latest Latest Go to latest Published: Jan 15, 2020 License: GPL-2.0 Imports: 9 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/jmainguy/inotify-watch-finder

Links

Open Source Insights

README ¶

inotify-watch-finder

This tool is designed to help find what files / directories are being watched by a specific PID.

We had 65,000 inotify's being consumed by the kubelet on one of our hosts, and used this tool to see what it was watching (/sys/fs/cgroup it turns out)

Usage

First, find out which PID you want to check
Find the inotify files in fdinfo

ls -l /proc/<PID>/fd | grep -i inotify

Start catting the same number you found above in /fdinfo, and find the file with tons of lines in it instead of 4-5

cat /proc/<PID>/fdinfo/26

Use inotify-watch-finder to track down the files being watched.

This tool finds the inode for each watch, and then it finds the inode of every file on the system, / specifically.

Then it finds the filename for each inode in the first list and prints it out, giving you the name of all files being watched by that process.

This takes along time, on our system, about 40 minutes. I suggest piping it to a text file and reviewing it later at your convenience.

nice ./inotify-watch-finder -fdinfo /proc/123031/fdinfo/23 > /tmp/inotifyReport

Build

export GO111MODULE=on
go mod init
go build

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL