File Access Logging
Is there any kind of system option or tool that allows for the creation of a log that indicates all file opens, closes, writes, and creates?
For security purposes I need to be able to track everyone who opens files on a specific directory. |
It would be nice if you could specify this for a specific directory, but the quickest answer is no, you can't. The middle answer is you can turn on logging for all writes, reads, etc, but the files gets really really big, see syslog features, man syslog. The long answer is to create your own shell and have it log those specifics.
|
Thanks for the response. Can you tell me what part of the system and what level would report opening and creating files? I don't know if this is kernel or daemon or what and I can't seem to find it in the documentation.
Thanks |
You're wanting to look at man syslog ( will probably give you the C calls for it, then at the bottom say something like See Also syslog(3), so man 3 syslog ), you'll also want to look at syslog.conf as a man page as well as in /etc
The man syslog.conf should get you on the right direction, it's just been too long since I've played around with this I don't remember any of the specifics, just the generals. |
All times are GMT -5. The time now is 04:14 PM. |