Panoptik — File Descriptor Observability Platform

Capabilities

Every file descriptor. Every process. Every socket.

Panoptik gives your infrastructure team complete observability across the file descriptor layer — the most fundamental and most overlooked component of your stack.

🌐

Network Socket Intelligence

Surface every open network connection with -i filtering. Drill into specific ports with -i :PORT, isolate TCP or UDP, and detect rogue listeners across your fleet.

-i :PORT

🔬

Process-Level Inspection

Pin-point exactly which files a process has open with -p PID. Cross-reference by user with -u USER or command name with -c COMMAND. Zero ambiguity.

-p PID

📁

Directory Tree Scanning

Recursive open-file discovery with +D DIR. Find every process touching any file in a directory tree — mission-critical for compliance audits and incident response.

+D DIR

⚡

Terse Mode Pipeline

Machine-readable PID-only output with -t. Purpose-built for composable pipelines, automation workflows, and piping directly into orchestration layers.

-t

🔄

Continuous Monitoring

Real-time repeat mode with -r SECS. Panoptik continuously polls and refreshes your file descriptor landscape at configurable intervals. Observability that never sleeps.

-r SECS

🧮

Boolean Query Engine

Combine selection criteria with -a (AND logic). Intersect user filters, network filters, and command filters for surgical precision queries at scale.

-a

🔗

Link Count Analysis

Detect unlinked-but-open files with +L. Find deleted files still consuming disk — the invisible storage leak that silently drains your infrastructure budget.

🚀

Zero-Latency Resolution

Bypass DNS and port-name resolution with -n and -P for raw, unprocessed speed. When every millisecond counts during an incident, Panoptik delivers.

-n -P

Workflow

From zero to full observability in four steps

Connect

Deploy the Panoptik agent to your hosts. One binary, zero dependencies. It begins streaming file descriptor telemetry immediately.

Query

Use our powerful query language to filter by process, user, port, file type, or directory. Combine conditions with AND logic for surgical precision.

Monitor

Activate continuous monitoring with configurable refresh intervals. Panoptik watches your file descriptor landscape and alerts on anomalies.

Act

Pipe terse output directly into your automation layer. Kill leaked processes, clean up ghost files, and close rogue sockets — all from one pane of glass.

In Action

See Panoptik in your terminal

Drop-in CLI that surfaces the data you need, exactly when you need it.

List all network connections

$ panoptik -i -n -P
COMMAND     PID   USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
nginx      1024   root   12u  IPv4  0x3a2f      0t0  TCP *:443 (LISTEN)
nginx      1024   root   13u  IPv4  0x3a30      0t0  TCP *:80 (LISTEN)
postgres   2048   pg     5u   IPv4  0x7c11      0t0  TCP 127.0.0.1:5432 (LISTEN)
node       3901   app    23u  IPv6  0x8f03      0t0  TCP *:3000 (LISTEN)
redis      4105   redis  6u   IPv4  0x2b44      0t0  TCP 127.0.0.1:6379 (LISTEN)
sshd        892   root   3u   IPv4  0x1a09      0t0  TCP *:22 (LISTEN)

Inspect a specific process

$ panoptik -p 2048
COMMAND     PID   USER   FD   TYPE   DEVICE  SIZE/OFF    NODE NAME
postgres   2048   pg    cwd    DIR   253,1      4096  131073 /var/lib/postgresql
postgres   2048   pg    rtd    DIR   253,1      4096       2 /
postgres   2048   pg    txt    REG   253,1  14823456  393218 /usr/lib/postgresql/bin/postgres
postgres   2048   pg    mem    REG   253,1   2029592  393440 /usr/lib/x86_64-linux-gnu/libc.so.6
postgres   2048   pg      0u   CHR     1,3       0t0       6 /dev/null
postgres   2048   pg      5u  IPv4   0x7c11      0t0     TCP 127.0.0.1:5432 (LISTEN)
postgres   2048   pg      7u   REG   253,1   8192000  524290 /data/pg/base/16384/16385

Find who's using port 443

$ panoptik -i :443
COMMAND     PID   USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
nginx      1024   root   12u  IPv4  0x3a2f      0t0  TCP *:https (LISTEN)
nginx      1025   www    14u  IPv4  0x3a31      0t0  TCP 10.0.1.5:https->10.0.2.8:52341 (ESTABLISHED)
nginx      1025   www    15u  IPv4  0x3a32      0t0  TCP 10.0.1.5:https->10.0.2.9:48876 (ESTABLISHED)

Kill leaked file holders

$ panoptik -t +D /var/log/old | xargs kill -HUP
# Terse mode returns only PIDs — composable by design

$ panoptik -t -u deploy -a -c node
3901
3902
3903

Capability	Panoptik	Competitor A	Competitor B
Network socket monitoring	✓ Full TCP/UDP/IPv4/IPv6	TCP only	Limited
Process-to-file mapping	✓ Real-time	Batch only	✗
Boolean query engine	✓ AND/OR logic	✗	OR only
Repeat/continuous mode	✓ Configurable intervals	✗	Fixed 60s
Unlinked file detection	✓ +L link counts	✗	✗
Machine-readable output	✓ Terse + field output	JSON only	✗
Directory tree deep scan	✓ Recursive	Top-level only	✗

Social Proof

Trusted by infrastructure teams worldwide

"We found 2,400 leaked file descriptors from a zombie process that had been silently consuming our NFS mount for weeks. Panoptik's +L mode paid for itself in the first hour."

Ivan Ramirez VP of Infrastructure, ScaleForge

"The boolean query engine is category-defining. Being able to AND user filters with port filters and command filters — that's the observability primitive we've been missing."

Elena Marsh SRE Lead, DataMesh

"During a production incident, Panoptik's terse mode piped directly into our kill chain and resolved a socket leak in under 90 seconds. No dashboards, no clicking — just composable observability."

Sofia Petrov CTO, Gridline Systems

"I'm a solo dev running three services on a single VPS. Panoptik's -i :PORT lets me see exactly which process grabbed which port. Absolute game-changer for debugging."

Suki Morales Independent Developer

Pricing

Observability that scales with you

Every plan includes the core Panoptik agent. Upgrade to unlock advanced query capabilities and fleet-wide visibility.

Starter

$0/mo

List all open files (basic mode)
Single-host monitoring
10 queries per hour
No DNS resolution (-n) only
Community support

Get Started

Pro

$29/mo

Everything in Starter
Network socket filtering (-i)
Process & user filtering (-p, -u)
Command name queries (-c)
Terse pipeline mode (-t)
Continuous monitoring (-r)
Unlimited queries

Start Free Trial

Team

$79/seat/mo

Everything in Pro
Boolean query engine (-a)
Directory tree scanning (+D)
Link count analysis (+L)
Field output for automation (-F)
Fleet-wide dashboards
SSO & audit logs

Contact Sales

Enterprise

Custom

Everything in Team
Dedicated support engineer
Custom SLA (99.99%+)
Private deployment options
TCP state filtering (-s)
Endpoint correlation (+E)
RBAC & compliance reporting
Unlimited seats

Talk to Sales

FAQ

Frequently asked questions

What types of files can Panoptik monitor?

Panoptik monitors every type of open file: regular files, directories, block and character special files, sockets (Internet, UNIX domain, IPv4, IPv6), pipes, FIFOs, NFS files, and executing text references. If your kernel has a descriptor for it, Panoptik can see it.

Is my data secure?

Absolutely. Panoptik is SOC 2 Type II certified, ISO 27001 compliant, and GDPR-ready. All telemetry is encrypted in transit and at rest. Enterprise customers can deploy in their own VPC with zero data egress.

Can I combine multiple filters?

Yes. By default, selection criteria are ORed for maximum coverage. Enable our Boolean Query Engine with the -a flag to AND conditions together — for example, find all TCP sockets owned by a specific user on a specific port. Negation with ^ prefixes is also supported for exclusion-based queries.

How does continuous monitoring work?

Activate repeat mode with -r SECS to have Panoptik poll at your specified interval. Use +r to auto-terminate when no matching files are found, or -r for endless mode. Each cycle is demarcated with a configurable marker line compatible with downstream parsers.

Can I use Panoptik offline?

Panoptik's core agent runs entirely on your hosts with no external network dependency. The agent operates directly against kernel data structures, so it works even when your network is down — which is often exactly when you need it most.

Total visibility into every open file descriptor.