I was thinking more along the lines of realtime notification of changes,
instead of using a program to poll all files that you would want to
monitor, which would be inefficient. Something along the lines of FAM,
but more scalable.
http://oss.sgi.com/projects/fam/
--Kevin Fogleman
Allan Dib wrote:
I use /usr/ports/security/tripwire-131
Works great...
-Allan
On Monday, February 10, 2003, at 06:44 AM, Kevin Fogleman wrote:
Is there an existing way to monitor the entire filesystem for changes
to any file, particularly changes in extended attributes?
I've read over the documentation for kqueue, but some things were
left unclear. For example, it appears the man page has not been
updated for 5.0 and thus doesn't specify whether or how extended
attributes can be monitored for modifications. Also, it appears that
kqueue needs a file descriptor for each file that one would want to
monitor, making any large-scale file monitoring impractical. Is
there any other way in FreeBSD to be notified of file modifications
in a way that would allow one to monitor the whole file system or
large portions of it? I don't really need to know whether a
particular attribute changed, but rather just whether any of them
changed.
--Kevin Fogleman
To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message
To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message
