search

Home  >  Q&A  >  body text

nginx - ngingx.pid is mysteriously missing. Is it possible to monitor who has operated on this file over a period of time?

ngingx.pid disappeared mysteriously. .
Is there any way to monitor this file for a period of time
Who operated on it?

迷茫迷茫2781 days ago547

reply all(1)I'll reply

  • 習慣沉默

    習慣沉默2017-05-16 17:32:06

    It seems to be more troublesome. The inotify mechanism provided after Linux 2.6.13 can monitor when files are deleted, but it may not be easy to obtain the deleter's information.

    To go around a bit, write an unlink function, wrap the unlink system call, save the file name given by the call, the pid of the calling process and other information somewhere, and then replace the system's unlink function with the LD_PRELOAD mechanism of Linux. If the deleter does not statically link/assemble and directly calls unlink, the result should be visible.

    reply
    0
  • Cancelreply