Re: Looking for a file monitor

From: Hareesh Nagarajan
Date: Fri Feb 24 2006 - 12:00:24 EST

Next message: Randy.Dunlap: "Re: Areca RAID driver remaining items?"
Previous message: Christoph Hellwig: "Re: Areca RAID driver remaining items?"
In reply to: Diego Calleja: "Re: Looking for a file monitor"
Next in thread: Wei Hu: "Re: Looking for a file monitor"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Diego Calleja wrote:

El Fri, 24 Feb 2006 02:06:27 -0600,
Hareesh Nagarajan <hnagar2@xxxxxxxxx> escribió:

dnotify has been succeeded by inotify. check the link below:
http://www.kernel.org/pub/linux/kernel/people/rml/inotify/README

IIRC, inotify is not the best thing for examining system-wide events.
Monitoring of directories is not recursive (neither it should, i think)
so to examine the whole system you would need to need thousands of
watches.

Surely.

But if we want to keep a track of all the files that are opened, read, written or deleted (much like filemon; ``Filemon's timestamping feature will show you precisely when every open, read, write or delete, happens, and its status column tells you the outcome."), we can write a simple patch that makes a note of these events on the VFS layer, and then we could export this information to userspace, via relayfs. It wouldn't be too hard to code a relatively efficient implementation.

Hareesh
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Randy.Dunlap: "Re: Areca RAID driver remaining items?"
Previous message: Christoph Hellwig: "Re: Areca RAID driver remaining items?"
In reply to: Diego Calleja: "Re: Looking for a file monitor"
Next in thread: Wei Hu: "Re: Looking for a file monitor"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]