Re: Looking for a file monitor

From: Hareesh Nagarajan
Date: Fri Feb 24 2006 - 22:59:08 EST

Next message: Adrian Bunk: "2.6.16-rc4-mm2: useless acpi_pmtmr_buggy"
Previous message: Dmitry Torokhov: "Re: Extra keycodes"
In reply to: Chuck Ebbert: "Re: Looking for a file monitor"
Next in thread: Arjan van de Ven: "Re: Looking for a file monitor"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Chuck Ebbert wrote:

In-Reply-To: <43FF3C1C.5040200@xxxxxxxxx>

On Fri, 24 Feb 2006 at 11:02:20 -0600, Hareesh Nagarajan wrote:

But if we want to keep a track of all the files that are opened, read, written or deleted (much like filemon; ``Filemon's timestamping feature will show you precisely when every open, read, write or delete, happens, and its status column tells you the outcome."), we can write a simple patch that makes a note of these events on the VFS layer, and then we could export this information to userspace, via relayfs. It wouldn't be too hard to code a relatively efficient implementation.

Doesn't auditing do all this?

I have no idea about auditing, but I would guess it internally uses inotify.

Hareesh
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Adrian Bunk: "2.6.16-rc4-mm2: useless acpi_pmtmr_buggy"
Previous message: Dmitry Torokhov: "Re: Extra keycodes"
In reply to: Chuck Ebbert: "Re: Looking for a file monitor"
Next in thread: Arjan van de Ven: "Re: Looking for a file monitor"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]