Is there a Unix/Linux equivalent of Process Monitor, whether GUI or CUI?
If it makes a difference, I'm looking at Ubuntu, but if there's an equivalent for other systems (Mac, other Linux variants like Fedora, etc.) then knowing any of those would be useful too.
Process Monitor is for monitoring system calls (such as file creation or writes), while Process Explorer is for monitoring process status (which is like System Monitor). I'm asking for the former, not the latter. :-)
The grandaddy of all process monitors is top, and many system monitoring tools are called top. For example, there's iotop to watch disk I/O, atop for a bunch of system resources, powertop for power consumption.
If you want more detailed information, it's not tracked by default. To watch what a particular process is doing, call strace on it. For example, if you're only interested in filesystem accesses:
strace -s9999 -efile command_name # trace a program during its whole execution
strace -s9999 -efile -p1234 # trace a running program with the given PID
strace is specific to Linux, but other systems have a similar tool: truss on Solaris, ktrace or dtrace under *BSD, etc.
To watch what's happening to a particular file or in a particular directory or directory tree, use the inotify facility.
inotifywait -m .
Again, the facility is specific to Linux, but most other unices have a similar system, e.g. kqueue under *BSD, and FAM (originally from SGI but now available as an API on many systems).
To watch all the system calls under Linux, you can use the audit subsystem. It's relatively recent and there's not much literature on the topic; search for auditctl or read the auditctl man page. There are a couple of examples on this site: tracking file accesses, tracking process execution.
The console standby for this is top, but there are alternatives like my favorite htop that give you a little more display flexibility and allow you a few more operations on the processes.
A less interactive view that is better for use in scripts would be the ps program and all it's relatives.
Edit: Based on your clarified question, you might note that strace handles watching system calls made by a given process including all read-write operations and os function calls. You can activate it on the command line before the program you want to track or attach to a running process by hitting s on a process selected in htop.
top is the equivalent of Process Explorer, not Process Monitor, right?
– user541686
May 21 '11 at 20:30
htop covered all the details except boot sequence monitoring. At best it could be activated in screen/tmux sometime part way through a linux boot cylce.
– Caleb
May 21 '11 at 20:49
strace, which you can activate from htop by hitting s on a process or manually from the command line when you run something or with a process id.
– Caleb
May 21 '11 at 20:50
You may want to take a look at lsof and strace. Sysinternal's Process Monitor is actually Filemon and Regmon combined with a some additional enhancements. The top command is more like Process Explorer.
I'm really late for answering this, but I have started a project that aims to do exactly what you're looking for. Have a look at it here: https://github.com/alexandernst/monks
I've not used that Process Monitor, but as far as I can tell it's the same as gnome-system-monitor on a Gnome system. If you use KDE they probably have something similar.
dtrace4linux allows you to trace some interesting tidbits of the kernel. Although it appears to be more powerful than sysdig, unfortunately is not so well behaved.
iotop -o -b -Pshows me which processes are doing disk I/O operations – bartolo-otrit Jul 27 '18 at 06:17