Re: Monitoring File Access (Read / Write)
Re: Monitoring File Access (Read / Write)
- Subject: Re: Monitoring File Access (Read / Write)
- From: Krishna Monian <email@hidden>
- Date: Thu, 17 Jun 2004 15:33:18 -0700 (PDT)
I think fs_usage might just do the trick, although I
am not yet sure. I will have to test it out more
thoroughly.
1 thing I noticed about fs_usage was that when u read
a file say using more from the shell, it doesn't
display the entire path of the file. Is there any way
to make it do this?
Thanks
Krishna
--- Justin Walker <email@hidden> wrote:
>
On Jun 17, 2004, at 14:15, Krishna Monian wrote:
>
>
> Hi All,
>
>
>
> Is it possible to write some sort of kernel mode
>
app
>
> that hooks on to all file system calls / IO calls
>
and
>
> logs all of these ?
>
>
No really. Since the source is available, you can
>
always hack away to
>
your heart's content, but this kind of approach
>
really isn't going to
>
work in the long run. In addition, it only works on
>
your system (or on
>
those belonging to people you can con into running
>
your kernel :-}).
>
>
> I took a look at the File Alteration Monitor (FAM)
>
but
>
> that doesn't achieve this completely. It doesn't
>
log
>
> file reads.
>
>
>
> I am basically trying to write a utility that will
>
log
>
> every file that is accessed (read / write) in a
>
> particular directory in the system.
>
>
>
> What would be the best way to go about doing this?
>
Is
>
> a kernel hook the only way? Is there anything that
>
has
>
> already been done along these lines (quite sure it
>
> has)?
>
>
The only way to do this is with some kind of kernel
>
assistance.
>
Hacking into dispatch tables won't, in all
>
likelihood, survive new
>
releases of the kernel, though. This approach is
>
frowned on.
>
>
I'd suggest, as someone already has, looking at
>
ktrace, or perhaps,
>
fs_usage. The source for both is available. This
>
is a polling type of
>
interface, though, so you need to apply it with some
>
care and
>
forethought. There is no notification mechanism for
>
file access.
>
>
Regards,
>
>
Justin
>
>
--
>
Justin C. Walker, Curmudgeon-At-Large *
>
Institute for General Semantics | Men are
>
from Earth.
>
| Women
>
are from Earth.
>
| Deal
>
with it.
>
*--------------------------------------*-------------------------------*
>
_______________________________________________
>
darwin-kernel mailing list |
>
email@hidden
>
Help/Unsubscribe/Archives:
>
http://www.lists.apple.com/mailman/listinfo/darwin-kernel
>
Do not post admin requests to the list. They will be
>
ignored.
>
>
__________________________________
Do you Yahoo!?
Read only the mail you want - Yahoo! Mail SpamGuard.
http://promotions.yahoo.com/new_mail
_______________________________________________
darwin-kernel mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/darwin-kernel
Do not post admin requests to the list. They will be ignored.