I would like to monitor and log the following changes in the file system:

  1. Opening and closing of any file by any user.
  2. Creation/deletion of file by any user.
  3. Files downloaded by any user.

After some research I could find only 2 solutions:

  1. Zeitgeist
  2. inotify (Disadvantage: lack of recursive support in directory)

Are there any other alternatives through which I can perform the above-mentioned task, or can I implement this somehow using some system calls?

What will be the best way to perform the above task?

OS details: Ubuntu 14.04, if it helps.

  • Nope @muru. The solutions in your link are for a specific file or directory. I have mentioned two solutions which I found which are relevant to me. I would like to know if there are some system calls that can help to do this task or if there is some other alternate solution. Presently I have made use of the Zeitgeist API. – รยקคгรђשค Apr 04 '17 at 04:31
  • auditd is far more flexible than that. – muru Apr 04 '17 at 04:32
  • Nonsense. Here we have a question explicitly asking how to make auditd non-recursive: https://superuser.com/questions/650714/auditd-auditctl-rule-to-monitor-dir-only-not-all-sub-dir-and-files-etc – muru Apr 04 '17 at 04:37
  • Extremely sorry for my ignorance @muru. Thank you very much for correcting me. I came across the auditd solution before but was somehow misguided and discarded it. Actually the logs and monitoring part is for the program I am working on. Thanks again. – รยקคгรђשค Apr 04 '17 at 05:16
  • @muru Do we have auditd part included in the dupe? If not, you may want to include it :) – Anwar Apr 16 '17 at 15:33

0 Answers