Re: Looking for a file monitor

From: Arjan van de Ven
Date: Sat Feb 25 2006 - 03:47:27 EST

Next message: Russell King: "Re: [PATCH 3/7] inflate pt1: clean up input logic"
Previous message: Christoph Hellwig: "Re: [Announce] Intel PRO/Wireless 3945ABG Network Connection"
In reply to: Hareesh Nagarajan: "Re: Looking for a file monitor"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2006-02-24 at 22:01 -0600, Hareesh Nagarajan wrote:
> Chuck Ebbert wrote:
> > In-Reply-To: <43FF3C1C.5040200@xxxxxxxxx>
> >
> > On Fri, 24 Feb 2006 at 11:02:20 -0600, Hareesh Nagarajan wrote:
> >
> >> But if we want to keep a track of all the files that are opened, read,
> >> written or deleted (much like filemon; ``Filemon's timestamping feature
> >> will show you precisely when every open, read, write or delete, happens,
> >> and its status column tells you the outcome."), we can write a simple
> >> patch that makes a note of these events on the VFS layer, and then we
> >> could export this information to userspace, via relayfs. It wouldn't be
> >> too hard to code a relatively efficient implementation.
> >
> > Doesn't auditing do all this?
>
> I have no idea about auditing, but I would guess it internally uses inotify.

it doesn't; it uses the audit framework which, by the way, exactly does
what the proposed patch above would do :)

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Russell King: "Re: [PATCH 3/7] inflate pt1: clean up input logic"
Previous message: Christoph Hellwig: "Re: [Announce] Intel PRO/Wireless 3945ABG Network Connection"
In reply to: Hareesh Nagarajan: "Re: Looking for a file monitor"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]