Being relatively new to Debian / Linux, I'm looking for equivalents to Windows tools that I'm used to. For example, what is the "equivalent" to Windows' procmon? Something like 'ps -ef', I know, gives a basic overview of what's running, but how do you drill down and correlate that with other things, such as users, files, etc.?
http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

It does the following (many of which, such as DLLs, aren't applicable in *nix environments).

* Monitoring of process and thread startup and exit, including exit status codes
* Monitoring of image (DLL and kernel-mode device driver) loads
* More data captured for operation input and output parameters
* Non-destructive filters allow you to set filters without losing data
* Capture of thread stacks for each operation make it possible in many cases to identify the root cause of an operation
* Reliable capture of process details, including image path, command line, user and session ID
* Configurable and moveable columns for any event property
* Filters can be set for any data field, including fields not configured as columns
* Advanced logging architecture scales to tens of millions of captured events and gigabytes of log data
* Process tree tool shows relationship of all processes referenced in a trace
* Native log format preserves all data for loading in a different Process Monitor instance
* Process tooltip for easy viewing of process image information
* Detail tooltip allows convenient access to formatted data that doesn't fit in the column
* Cancellable search
* Boot time logging of all operations