[CentOS] Finding which files are written to

Thu May 5 02:24:10 UTC 2011
Marcelo Beckmann <marcelobeckmann at bsd.com.br>

2011/5/4 Nicolas Ross <rossnick-lists at cybercat.ca>:
> Hi !
>
> I have a server (Centos 5) that is using a pair of SAS drives to store the
> data. (Mail server) They are on an adaptec raid controller with a battery
> backup and write back cache active.
>
> From time to time, I have severe peak io to those data disks (> 400 to 500
> iops, > 70 to 100 megs/sec).
>
> With iostat, I find that it's almost a write i/o problem. How can I find to
> which files the OS writes ? On OSX boxes, there is a utility called fs_usage
> that can report any disk activity for a particular process or all
> processes. Is there any utility like this on Centos ?
>
> iotop can point me to which process, but that doesn't point me to what
> files are the culprits...

I suggest a look for tools like this
http://freshmeat.net/projects/fsniper

it helps to make a script to watch file activities, and it uses a kernel feature

I discovered inotify some months ago when I looked into every
initscript in init.d

[23:13:35 root at gw init.d]# cat /etc/redhat-release
CentOS release 5.3 (Final)
[23:13:45 root at gw init.d]# head restorecond
#!/bin/sh
#
# restorecond:          Daemon used to maintain path file context
#
# chkconfig:    2345 12 87
# description:  restorecond uses inotify to look for creation of new files \
# listed in the /etc/selinux/restorecond.conf file, and restores the \
# correct security context.


more about inotify:
http://linux.die.net/man/7/inotify

http://www.linuxjournal.com/article/8478
What Is inotify?

inotify is a file change notification system—a kernel feature that
allows applications to request the monitoring of a set of files
against a list of events. When the event occurs, the application is
notified. To be useful, such a feature must be simple to use,
lightweight with little overhead and flexible. It should be easy to
add new watches and painless to receive notification of events.
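
Added example, not part of the original message: a minimal Python sketch of the inotify approach suggested above, which watches one directory and counts IN_MODIFY events per file to show which files take the writes. The function names (parse_events, tally_writes, watch) are assumptions made for this example; the watch is not recursive, and inotify events do not say which process did the writing.

```python
import ctypes, os, struct, sys
from collections import Counter

# Mask bits from <sys/inotify.h>
IN_MODIFY, IN_CLOSE_WRITE, IN_CREATE = 0x002, 0x008, 0x100
IN_Q_OVERFLOW, IN_ISDIR = 0x4000, 0x40000000
HEADER = struct.Struct("iIII")  # struct inotify_event: wd, mask, cookie, len

def parse_events(buf, wd_to_dir):
    """Decode bytes read from an inotify fd into (path, mask) tuples."""
    events, off = [], 0
    while off + HEADER.size <= len(buf):
        wd, mask, _cookie, length = HEADER.unpack_from(buf, off)
        off += HEADER.size
        # The name field is NUL-padded up to `length` bytes.
        name = buf[off:off + length].split(b"\0", 1)[0].decode(errors="replace")
        off += length
        # On queue overflow the kernel dropped events: report path as None.
        path = None if mask & IN_Q_OVERFLOW else os.path.join(wd_to_dir.get(wd, "?"), name)
        events.append((path, mask))
    return events

def tally_writes(events):
    """Count IN_MODIFY events per file, ignoring directories and overflow markers."""
    hits = Counter()
    for path, mask in events:
        if path and mask & IN_MODIFY and not mask & IN_ISDIR:
            hits[path] += 1
    return hits

def watch(directory, reads=20):
    """Watch one directory (not its subdirectories) and return write counts."""
    libc = ctypes.CDLL(None, use_errno=True)
    fd = libc.inotify_init()
    if fd < 0:
        raise OSError(ctypes.get_errno(), "inotify_init failed")
    hits = Counter()
    try:
        wd = libc.inotify_add_watch(fd, directory.encode(), IN_MODIFY | IN_CLOSE_WRITE | IN_CREATE)
        if wd < 0:
            raise OSError(ctypes.get_errno(), "inotify_add_watch failed")
        for _ in range(reads):  # each read blocks until events arrive
            hits += tally_writes(parse_events(os.read(fd, 65536), {wd: directory}))
    finally:
        os.close(fd)
    return hits

if __name__ == "__main__":
    for path, n in watch(sys.argv[1]).most_common(10):
        print(n, path)
```

Run it with the directory to watch as the only argument; each subdirectory needs its own watch, so a deep mail spool means one inotify_add_watch call per directory.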