[dtrace-discuss] How to monitor the changes of file system ? especially the delection and modificat ion of files

[Michael Schuster]

邓锦福 wrote:
> Hi~
> 
>    I  want to know how to use the dtrace to monitor the changes of the 
> file system?
> 
>  The main purpose is to detect what paths or files have been modified 
> or delected .
> 
>    The modification,i think,can be detected by using the 
> syscall::*write:entry or the io privoder,but the impelementation did not 
> work well.

deletion is not covered by the write system call, but by unlink.

>     Please let my know how to monitor the changes of the file 
> system,especially the delection and modificaiton of  files.

two comments:
- be more specific than "did not work well": give your script, some
results, and your reasoning why they're unsatisfactory.
- auditing may actually be the tool (-set) better suited for this specific
purpose. Start with the man page (or document on docs.sun.com) on bsmconv.

HTH
Michael
-- 
Michael Schuster	Sun Microsystems, Inc.
Recursion, n.: see 'Recursion'