
#1 2009-05-05 09:35:01

sacarde
Member
Registered: 2006-07-14
Posts: 389

all logged

hi,
   do you know if a way exists, on a Linux system, to log all processes and the related modified files?


thank you


#2 2009-05-05 10:40:48

.:B:.
Forum Fellow
Registered: 2006-11-26
Posts: 5,819

Re: all logged

Your question is kind of fuzzy... What do you want? An IDS?



#3 2009-05-05 11:48:58

sacarde
Member
Registered: 2006-07-14
Posts: 389

Re: all logged

maybe

for example:

process#1, begin-time, end-time, file read=a.b, write=c
process#2, ................................................................
..


#4 2009-05-05 12:05:46

Procyon
Member
Registered: 2008-05-07
Posts: 1,819

Re: all logged

Here is something to get you started:
ps -Ao pid,comm,lstart | sed '1d'

ps can't do end time of course, you have to write a script that loops and checks if any pids-commands are gone. (maybe there is a more efficient way)
I couldn't find opened files in ps, but lsof can do that. Look into man lsof, it's quite complex though.

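The polling loop described in post #4, as an added example that is not part of the thread: it compares successive ps snapshots to log process start and end, and asks lsof for the open files of each new process. The function names (snapshot, ended, started, open_files, watch_procs) and the "watch" argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): poll ps, log process start/end,
# and list open files with lsof. All function names are hypothetical.
LC_ALL=C; export LC_ALL   # same collation for sort and comm

# One normalised line per process, "PID COMM LSTART...", sorted for comm(1).
# The ps/sed/awk/sort of this pipeline show up as short-lived entries too.
snapshot() {
    ps -Ao pid,comm,lstart | sed '1d' | awk '{$1=$1; print}' | sort
}

# A process is identified by the whole line (PID + name + start time),
# so a reused PID counts as one process ending and another starting.
# Lines only in the older snapshot: processes that have exited.
ended()   { comm -23 "$1" "$2"; }
# Lines only in the newer snapshot: processes that have appeared.
started() { comm -13 "$1" "$2"; }

# Names of the files a PID has open right now (empty if lsof is missing).
open_files() {
    command -v lsof >/dev/null 2>&1 || return 0
    lsof -p "$1" -Fn 2>/dev/null | sed -n 's/^n//p'
}

# Poll every INTERVAL seconds; end times are accurate to one interval only.
watch_procs() {
    interval=${1:-2}
    dir=$(mktemp -d) || return 1
    trap 'rm -rf "$dir"' EXIT
    snapshot > "$dir/old"
    while sleep "$interval"; do
        snapshot > "$dir/new"
        now=$(date '+%F %T')
        started "$dir/old" "$dir/new" | while read -r pid rest; do
            echo "$now START $pid $rest"
            open_files "$pid" | sed 's/^/    open: /'
        done
        ended "$dir/old" "$dir/new" | sed "s/^/$now END   /"
        mv "$dir/new" "$dir/old"
    done
}

# Run the loop only when asked to, e.g.: sh proclog.sh watch 5
if [ "${1:-}" = "watch" ]; then watch_procs "${2:-2}"; fi
```

A process that starts and exits between two polls never appears in the log, and lsof only shows files that are still open at the moment it runs, so this approach gives a sample rather than a complete record.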
