I was thinking more along the lines of realtime notification of changes, instead of using a program to poll all files that you would want to monitor, which would be inefficient. Something along the lines of FAM, but more scalable.

http://oss.sgi.com/projects/fam/

--Kevin Fogleman

Allan Dib wrote:

I use /usr/ports/security/tripwire-131

Works great...


-Allan


On Monday, February 10, 2003, at 06:44 AM, Kevin Fogleman wrote:

Is there an existing way to monitor the entire filesystem for changes to any file, particularly changes in extended attributes?

I've read over the documentation for kqueue, but some things were left unclear. For example, it appears the man page has not been updated for 5.0 and thus doesn't specify whether or how extended attributes can be monitored for modifications. Also, it appears that kqueue needs a file descriptor for each file that one would want to monitor, making any large-scale file monitoring impractical. Is there any other way in FreeBSD to be notified of file modifications in a way that would allow one to monitor the whole file system or large portions of it? I don't really need to know whether a particular attribute changed, but rather just whether any of them changed.

--Kevin Fogleman


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message
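The polling approach discussed in this thread (a Tripwire-style baseline compared against a later scan), as an added example that is not part of any message above and is not Tripwire's own code. The names `snapshot` and `compare` are hypothetical, and extended attributes are read only where Python exposes `os.listxattr` (Linux builds), so on FreeBSD that field stays empty.

```python
import hashlib
import os
import stat

def _xattrs(path):
    # Assumption: os.listxattr/os.getxattr are present (Linux builds of Python).
    # Elsewhere this returns {} and extended-attribute changes go unseen.
    if not hasattr(os, "listxattr"):
        return {}
    try:
        return {n: os.getxattr(path, n, follow_symlinks=False).hex()
                for n in os.listxattr(path, follow_symlinks=False)}
    except OSError:
        return {}

def snapshot(root):
    """Record a content hash and inode metadata for every regular file."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            state[os.path.relpath(path, root)] = {
                "sha256": h.hexdigest(), "size": st.st_size,
                "mode": stat.S_IMODE(st.st_mode),
                "uid": st.st_uid, "gid": st.st_gid,
                "xattrs": _xattrs(path),
            }
    return state

def compare(baseline, current):
    """Return added and removed paths, plus the changed fields per path."""
    changed = {}
    for path in baseline.keys() & current.keys():
        old, new = baseline[path], current[path]
        fields = sorted(k for k in old if old[k] != new[k])
        if fields:
            changed[path] = fields
    return {"added": sorted(current.keys() - baseline.keys()),
            "removed": sorted(baseline.keys() - current.keys()),
            "changed": changed}
```

Every call to `snapshot` rereads every file under the root, which is the polling cost raised in the reply at the top of the thread.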