1Demonstrations of filegone, the Linux eBPF/bcc version. 2 3 4filegone traces why file gone, either been deleted or renamed 5For example: 6 7# ./filegone 818:30:56 22905 vim DELETE .fstab.swpx 918:30:56 22905 vim DELETE .fstab.swp 1018:31:00 22905 vim DELETE .viminfo 1118:31:00 22905 vim RENAME .viminfo.tmp > .viminfo 1218:31:00 22905 vim DELETE .fstab.swp 13 14USAGE message: 15 16usage: filegone.py [-h] [-p PID] 17 18Trace why file gone (deleted or renamed) 19 20optional arguments: 21 -h, --help show this help message and exit 22 -p PID, --pid PID trace this PID only 23 24examples: 25 ./filegone # trace all file gone events 26 ./filegone -p 181 # only trace PID 181 27