Hi All,
Hi Sir Monian,
I am currently trying to write a file logger, which
logs every single file access (read, write, delete) on
a specified volume.
Could someone brief me on what would the best way be
to go about doing this. Would it have to be in kernel
mode or can it be done in user mode?
You might take a look at SGI FAM, the File Alteration Monitor, that is already available for many flavors of unix, including *BSD. Some posts in the forums show that port for osx has been at least tried if not already succeeded; http://oss.sgi.com/projects/fam/ What is FAM? FAM, the File Alteration Monitor, provides an API that applications can use to be notified when specific files or directories are changed. FAM comes in two parts: fam, the daemon that listens for requests and delivers notification, and libfam, a library that client applications can use to communicate with fam. FAM was originally written for IRIX in 1989 by Bruce Karsh, and was rewritten in 1995 by Bob Miller. This open-source release of FAM builds and runs on both Linux and IRIX, and is almost identical to the version of FAM that ships with IRIX 6.5.x. Maybe would be worth to join the port effort ? Regards, Olivier Kaloudoff LUG Linux Azur http://www.linux-azur.org _______________________________________________ darwin-kernel mailing list | darwin-kernel@lists.apple.com Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/darwin-kernel Do not post admin requests to the list. They will be ignored.