[clue] file-system activity logging
David L. Willson
DLWillson at TheGeek.NU
Sun Jan 8 12:05:06 MST 2012
Any idea the overhead involved? I have to do the auditing client-side on 12+ machines, because the NFS "server" isn't a standard box.
And of course, some of the clients that must be audited, are production or mission-critical.
And, I haven't read enough to say for sure, but it seems like auditd only wants to watch specific files, rather than all access in a whole file-system. Is that so?
David L. Willson
Trainer, Engineer, Enthusiast
RHCE MCT MCSE Network+ A+ Linux+ LPIC-1 NovellCLA UbuntuCP
tel://720.333.LANS
Freedom is better when you earn it. Learn Linux.
----- Original Message -----
> We use auditd to watch a system we export via CIFS. Files kept
> disappearing and we had to be able to track it. Turns out it was a
> user with a super sensitive mouse dragging folders to other folders.
> You just need to setup rules and you will be able to query for file
> accesses on that mount.
> Dan Kulinski
> _______________________________________________
> clue mailing list: clue at cluedenver.org
> For information, account preferences, or to unsubscribe see:
> http://cluedenver.org/mailman/listinfo/clue
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cluedenver.org/pipermail/clue/attachments/20120108/43829c34/attachment.html
More information about the clue
mailing list