file system event watcher
Jordan Orelli a76cefc4de readme 9 years ago
README.md readme 9 years ago
main.go initial commit 9 years ago
misc.go initial commit 9 years ago
track.go initial commit 9 years ago

README.md

fsnoop

fsnoop snoops on your files

when run on its own with no arguments, fsnoop will report all file modification events in the current directory.

here's a sample session run from /tmp/snoop. Lines that start with # were run in a separate shell:

# ls
open /tmp/snoop
close /tmp/snoop
close-nowrite /tmp/snoop

# touch test
create /tmp/snoop/test
open /tmp/snoop/test
attrib /tmp/snoop/test
close /tmp/snoop/test
close-write /tmp/snoop/test

# echo hi > test
modify /tmp/snoop/test
open /tmp/snoop/test
modify /tmp/snoop/test
close /tmp/snoop/test
close-write /tmp/snoop/test

# echo append >> test
open /tmp/snoop/test
modify /tmp/snoop/test
close /tmp/snoop/test
close-write /tmp/snoop/test

# mv test test.1
moved-from /tmp/snoop/test
move /tmp/snoop/test -> /tmp/snoop/test.1
moved-to /tmp/snoop/test.1

# gzip test.1
open /tmp/snoop/test.1
create /tmp/snoop/test.1.gz
open /tmp/snoop/test.1.gz
access /tmp/snoop/test.1
modify /tmp/snoop/test.1.gz
close /tmp/snoop/test.1
close-nowrite /tmp/snoop/test.1
attrib /tmp/snoop/test.1.gz
attrib /tmp/snoop/test.1.gz
attrib /tmp/snoop/test.1.gz
close /tmp/snoop/test.1.gz
close-write /tmp/snoop/test.1.gz
delete /tmp/snoop/test.1

# rm test.1.gz
delete /tmp/snoop/test.1.gz

of course, this is not as accurate as actually reading a program or stracing it, but if the ordering of the file modification events is all you care about, then fsnoop acts as a useful filter.

this thing only works on linux.

basically i reinvented a poor man's version of inotifywait.
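an added example, not code from this repository: a decoder for the raw `inotify_event` records that a Linux inotify file descriptor returns, producing lines shaped like the session above and pairing the two halves of a rename by their shared cookie. The `Event` and `Decode` names, the mapping of the session's event names onto inotify mask bits, and the little-endian host are assumptions.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"path"
	"strings"
)

// inotify mask values from <sys/inotify.h>; pairing them with these names is assumed.
var masks = []uint32{0x1, 0x2, 0x4, 0x18, 0x8, 0x10, 0x20, 0x40, 0x80, 0x100, 0x200}
var names = strings.Fields("access modify attrib close close-write close-nowrite open moved-from moved-to create delete")

// Event builds one constructed inotify_event record: wd, mask, cookie, len, name.
func Event(mask, cookie uint32, name string) []byte {
	b := make([]byte, 16+(len(name)+15)/16*16) // name NUL-padded to a 16-byte multiple
	for i, v := range []uint32{1, mask, cookie, uint32(len(b) - 16)} {
		binary.LittleEndian.PutUint32(b[4*i:], v)
	}
	copy(b[16:], name)
	return b
}

// Decode turns a raw inotify read buffer into "event path" lines for dir.
func Decode(buf []byte, dir string) (out []string, err error) {
	le, renames := binary.LittleEndian, map[uint32]string{} // renames: cookie -> old path
	for len(buf) > 0 {
		if len(buf) < 16 || uint64(le.Uint32(buf[12:])) > uint64(len(buf)-16) {
			return out, fmt.Errorf("malformed record, %d bytes left", len(buf))
		}
		mask, cookie, end := le.Uint32(buf[4:]), le.Uint32(buf[8:]), 16+int(le.Uint32(buf[12:]))
		p := path.Join(dir, strings.TrimRight(string(buf[16:end]), "\x00"))
		if old, ok := renames[cookie]; ok && mask&0x80 != 0 {
			out = append(out, "move "+old+" -> "+p) // both halves share a cookie
		} else if mask&0x40 != 0 {
			renames[cookie] = p
		}
		for i, m := range masks {
			if mask&m != 0 {
				out = append(out, names[i]+" "+p)
			}
		}
		buf = buf[end:]
	}
	return out, nil
}

func main() {
	fmt.Println(Decode(append(Event(0x40, 7, "test"), Event(0x80, 7, "test.1")...), "/tmp/snoop"))
}
```

the length field is checked against the remaining buffer before the name is sliced, so a truncated or corrupted read yields an error instead of an out-of-range panic.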