How to know recently updated files

linux files monitoring io
6,416

Solution 1

Find file modified within X minute under /path

find /path -cmin -X

Sign before minute:
    + more than X minutes / over X minutes
    - less than X minutes / within X minutes
   (no sign) exact

Example: find all files in /var/log (including sub-dir) modified within last 30min

find /var/log -cmin -30

Find file with size bigger X under /path

find /path -size +X<unit>

Sign before size:
    + larger than
    - less than
   (no sign) exact

<unit> :
    b = block (default,512byte)
    c = byte
    w = word (2-byte)
    k = kbyte
    M = Mbyte
    G = Gbyte

Example: find all files in /var/log (including sub-dir) bigger than 50k

find /var/log -size +50k

Combine

Example: find all files in /var/log (including sub-dir) bigger than 50k modified within last 30min

find /var/log -cmin -30 -size +50k

If you want to include 50k in your result, change to

find /var/log -cmin -30 -size +49k

PS: Avoid doing find / ..... as not only it will take a long time, it also include directories(/dev, /sys, /proc, ...) generally not suitable for search.

Solution 2

With find you have to actively search for files on the file system and trust their time stamps.

The altenative on a recent linux system is inotify. In that case the kernel watches for file system changes as they happen and you can query them for example with inotifywait -m. That should give you a good idea what is going on in real time.

The inotify approach does not work well when recursively monitoring large directory trees. In that case find will give you an idea what directories to monitor.

Share:
6,416
user2935706
Author by

user2935706

Updated on September 18, 2022

Comments

  • user2935706
    user2935706 over 1 year

    If I run iostat -x 1 I saw ocassionally large 5MB to 10MB writes.

    What files are being written?

    I want to check the recently created files with size over 5MB for example.

    How would I do so?

  • tink
    tink over 11 years
    John, -cmin 30 will find files EXACTLY changed 30 minutes ago. You're after -cmin -30 (30 minutes or newer).
  • John Siu
    John Siu over 11 years
    @tink Thank you, corrected. I remember to put it in the general line but forget to put it in examples.
  • Olivier Dulac
    Olivier Dulac over 11 years
    you could only check the files that lsof | grep / will display at the same time the io is showing a big write
  • michas
    michas over 11 years
    Do you really mean -cmin instead of -mmin?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Monitoring filesystem activity
How to monitor which files lots of data is being written to on Linux?
Run command automatically when files are copied into a directory
Constantly check if file is modified bash
How can I monitor disk I/O in a particular directory?
iostat: await vs. svctm
Determining Specific File Responsible for High I/O
iotop showing 1.5 MB/s of disk write, but all programs have 0.00 B/s
Linux file access monitoring
When a process will go to 'D' state?