You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
a76cefc4de
|
10 years ago | |
|---|---|---|
| README.md | 10 years ago | |
| main.go | 10 years ago | |
| misc.go | 10 years ago | |
| track.go | 10 years ago | |
README.md
fsnoop
fsnoop snoops on your files
ran on its own with no arguments, fsnoop will report all file modification events in the current directory.
here's a sample session run from /tmp/snoop. Lines that start with # were
run in a separate shell:
# ls
open /tmp/snoop
close /tmp/snoop
close-nowrite /tmp/snoop
# touch test
create /tmp/snoop/test
open /tmp/snoop/test
attrib /tmp/snoop/test
close /tmp/snoop/test
close-write /tmp/snoop/test
# echo hi > test
modify /tmp/snoop/test
open /tmp/snoop/test
modify /tmp/snoop/test
close /tmp/snoop/test
close-write /tmp/snoop/test
# echo append >> test
open /tmp/snoop/test
modify /tmp/snoop/test
close /tmp/snoop/test
close-write /tmp/snoop/test
# mv test test.1
moved-from /tmp/snoop/test
move /tmp/snoop/test -> /tmp/snoop/test.1
moved-to /tmp/snoop/test.1
# gzip test.1
open /tmp/snoop/test.1
create /tmp/snoop/test.1.gz
open /tmp/snoop/test.1.gz
access /tmp/snoop/test.1
modify /tmp/snoop/test.1.gz
close /tmp/snoop/test.1
close-nowrite /tmp/snoop/test.1
attrib /tmp/snoop/test.1.gz
attrib /tmp/snoop/test.1.gz
attrib /tmp/snoop/test.1.gz
close /tmp/snoop/test.1.gz
close-write /tmp/snoop/test.1.gz
delete /tmp/snoop/test.1
# rm test.1.gz
delete /tmp/snoop/test.1.gz
of course, this is not as accurate as actually reading a program or stracing it, but if the ordering of the file modification events is all you care about, then fsnoop acts as a useful filter.
this thing only works on linux.
basically i reinvented a poorman's version of inotifywait.