Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 21 Apr 2011 17:53:04 +0400
From:      Artem Kuchin <>
Subject:   Security monitoring all file changes
Message-ID:  <>

Next in thread | Raw E-Mail | Index | Archive | Help

We are running hosting servers and i think we need to monitor and log=20
all changes in filesystems (ftp log is written already, but
we give shell access and also files can be changed by scripts), so, when =

a client asks when the file/directory
was changed or deleted and by whom we can answer that question.

In what directtion should i look? Is Audit the thing for it?

The problem with the whole idea is that i don't want to hog the raid=20
with huge log of what happened to the files
every nanosecond.

For example, file is opened, writen 1000 times with write() and the=20
closed. I don't want to get 1000 lines
in the log. Something like:

opened for write
write repeated 1000 times (just one line with repetition counter)

whould be nice, but if not possible, then just open and closed logged,=20
w/o write. Better than nothing.
Or maybe it can be very optimized binary log.
I have no idea what i am writing about :)

Thanks in advance!

Best  regards,

=F3 =D5=D7=C1=D6=C5=CE=C9=C5=CD,
=E1=D2=D4=C5=CD =EB=D5=DE=C9=CE
=EB=CF=CD=D0=C1=CE=C9=D1 "=E1=CA =F4=C9 =EC=C5=C7=C9=CF=CE"
+7 (495) 232-0338

Want to link to this message? Use this URL: <>