[clue] file-system activity logging

David L. Willson DLWillson at TheGeek.NU
Sun Jan 8 11:32:17 MST 2012


Anyone got a strategy for recording every file open on a particular mount? 

I've googled until my fingers bled, and tried lots and lots of things with lsof. I'm pretty sure I'm barking up the wrong tree or attempting the impossible. 

Here's a relatively detailed use-case: 

I'm on a system, which has a shared file-system mounted as NFSv3. This system reads a small file. The file is only open for about a second. 

I want to record that the file was opened for reading and ideally, the UID that opened it. There are lots of bits of information that would be nice to collect, but those are the basics. 

Repeated runs of lsof are provably unlikely to happen to catch it. So, running it every minute by cron is both wasteful AND ineffective... In fact, I've tried a bunch of different ways of doing it and it's really hard to catch this read. 

Ideas? 

David L. Willson 
Trainer, Engineer, Enthusiast 
RHCE MCT MCSE Network+ A+ Linux+ LPIC-1 NovellCLA UbuntuCP 
tel://720.333.LANS 
Freedom is better when you earn it. Learn Linux. 