Re: Monitoring File Access (Read / Write)
I think fs_usage might just do the trick, although I am not yet sure. I will have to test it out more thoroughly.

One thing I noticed about fs_usage was that when you read a file, say using more from the shell, it doesn't display the entire path of the file. Is there any way to make it do this?

Thanks
Krishna

--- Justin Walker <justin@mac.com> wrote:
> On Jun 17, 2004, at 14:15, Krishna Monian wrote:
> > Hi All,
> > Is it possible to write some sort of kernel mode app that hooks on to all file system calls / IO calls and logs all of these?
>
> Not really. Since the source is available, you can always hack away to your heart's content, but this kind of approach really isn't going to work in the long run. In addition, it only works on your system (or on those belonging to people you can con into running your kernel :-}).
>
> > I took a look at the File Alteration Monitor (FAM) but that doesn't achieve this completely. It doesn't log file reads.
> > I am basically trying to write a utility that will log every file that is accessed (read / write) in a particular directory in the system.
> > What would be the best way to go about doing this? Is a kernel hook the only way? Is there anything that has already been done along these lines (quite sure it has)?
>
> The only way to do this is with some kind of kernel assistance. Hacking into dispatch tables won't, in all likelihood, survive new releases of the kernel, though. This approach is frowned on.
>
> I'd suggest, as someone already has, looking at ktrace, or perhaps, fs_usage. The source for both is available. This is a polling type of interface, though, so you need to apply it with some care and forethought. There is no notification mechanism for file access.
>
> Regards,
> Justin
> --
> Justin C. Walker, Curmudgeon-At-Large  *
> Institute for General Semantics        | Men are from Earth.
>                                        | Women are from Earth.
>                                        | Deal with it.
> *--------------------------------------*-------------------------------*
> _______________________________________________
> darwin-kernel mailing list | darwin-kernel@lists.apple.com
> Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/darwin-kernel
> Do not post admin requests to the list. They will be ignored.
participants (1)
-
Krishna Monian