Detect directory changes in unix

views:

226

answers:

+2 Q:

Detect directory changes in unix

How could I track changes of specific directory in UNIX? For example, I launch some utility which create some files during its execution. I want to know what exact files were created during one particular launch. Is there any simple way to get such information? Problem is that:

I cannot flush directory content after script execution
Files created with the name that has hash as a compound part. There is no possibility to get this hash from script for subsequent search.
There could be several scripts executed simultaneously, I do not want to see files created by another process in the same folder.

Please notice that I do not want to know whether directory has been changed as stated here, I need filenames which ideally could be grepped to match specific pattern.

+4 A:

You need to subscribe to file system change notifications.

Hassan Syed 2010-03-03 10:46:52

You can use the script command to track the commands launched.

Amit Kumar 2010-03-03 10:47:05

+3 A:

You should use something like FAM, gamin, or inotify to detect when a file has been created, closed, etc.

Ignacio Vazquez-Abrams 2010-03-03 10:47:35

You could use the Linux Auditing System. Here is a howto link:

http://www.cyberciti.biz/tips/linux-audit-files-to-see-who-made-changes-to-a-file.html

ar 2010-03-03 10:49:48

+3 A:

You could use strace -f myscript to trace all system calls made by the script, and use grep to filter the system calls that create new files.

ammoQ 2010-03-03 10:52:46

You can actually ask `strace` to filter the syscalls it shows you itself, using `-e trace=file` (which shows all filename-using syscalls).

caf 2010-03-03 12:12:55

ansaurus

tags:

views:

answers:

Detect directory changes in unix

related questions