sysdig
An awesome host inspection tool, with a tcpdump-like capture tool and an interface similar to top et al. - http://www.sysdig.org/
Installation - CentOS
Their shell script installs epel from a 3rd party source, so it's best to use this method instead:
rpm --import https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public && \
curl -s -o /etc/yum.repos.d/draios.repo http://download.draios.com/stable/rpm/draios.repo && \
yum -y install kernel-devel-$(uname -r) && \
yum -y install sysdig
Examples
Simple usage
sysdig
Write a system trace file
sysdig -w tracefile.scap
Replay a tracefile
sysdig -r tracefile.scap
List the available filter fields
sysdig -l
Show activity for access to a given file
sysdig fd.name=/etc/hosts
Show shell commands for all users
sysdig -pc -c spy_users
Spy on users and exclude a process
sysdig -pc -c spy_users proc.name!=gmetric
Or exclude multiple processes
sysdig -pc -c spy_users "not proc.name in ( gmetric, awk, sed, grep )"
Show a top-like interface
csysdig