Log every access to a file

Michael E Conlen meconlen at obfuscated.net
Mon Oct 27 16:45:45 PST 2003


You patch the open() call in the kernel to log messages to syslog. I've 
got patches for the kernel to log exec() but not open(). It's fairly 
trivial once you see it in action.

--
Michael Conlen

On Oct 27, 2003, at 6:35 AM, Matthew Seaman wrote:

> On Mon, Oct 27, 2003 at 11:57:31AM +0800, chael at southgate.ph.inter.net 
> wrote:
>
>> How do you create/add a system log to monitor every access to a 
>> specific file (say a database file accessed through samba)? A sample 
>> line for syslog.conf would be greatly appreciated ?? :-)
>
> Syslog.conf doesn't work that way: application processes themselves
> decide what log messages to generate and pass them to syslogd(8).
> syslogd(8) then takes care of writing those log messages into the log
> files, together with timestamps and other administrivia as required.
> /etc/syslog.conf is all about directing that flow of messages into the
> appropriate files categorized by priority and by what application made
> them.
>
> Samba has extensive logging capabilities itself -- which generally
> bypass syslog entirely, although there are options available to use
> syslog.  It will certainly log who is accessing the server and from
> what machines.  I don't think it has the capability to monitor
> accesses down to the level of a particular file though, but read the
> manuals carefully to be sure.
>
> If you really need to log all accesses to the file, then probably your
> best bet is to only make the file available via a web interface, which
> can be set to require passwords before it will allow access and will
> supply the logs you require.  Alternatively, databases such as
> postgres or mysql can keep detailed logs of all queries run against
> them.
>
> 	Cheers,
>
> 	Matthew
>
> -- 
> Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
>                                                       Savill Way
> PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
> Tel: +44 1628 476614                                  Bucks., SL7 1TH 
> UK
>
--
Michael Conlen
meconlen at obfuscated.net
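
Added example, not part of the original thread or of FreeBSD's code: a simplified Python model of the routing Matthew Seaman describes, where syslog.conf only decides which file receives a message that some program has already emitted, by facility, priority and program name. The sample configuration, the samba.log and fileaccess.log paths and the "fileaudit" program name are constructed assumptions.

```python
# Simplified model of syslog.conf routing (added illustration).
# Ignores comparison flags (=, !, <, >) and +host blocks.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample config; samba.log, fileaccess.log and the
# "fileaudit" program name used below are hypothetical.
SAMPLE_CONF = """\
# selector            action
*.notice;auth.none    /var/log/messages
auth.info             /var/log/auth.log
!smbd
*.*                   /var/log/samba.log
!*
local0.debug          /var/log/fileaccess.log
"""

def selector_matches(selector, facility, level):
    """Evaluate 'fac1,fac2.level;...'; a later field overrides an earlier one."""
    result = False
    for field in selector.split(";"):
        facs, _, lvl = field.partition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        if lvl == "none":
            result = False
        else:
            # A level selects itself and everything more severe.
            result = lvl == "*" or LEVELS.index(level) <= LEVELS.index(lvl)
    return result

def route(conf, program, facility, level):
    """Return the actions a message from `program` would be written to."""
    actions, prog_filter = [], None
    for line in conf.splitlines():
        line = line.strip()
        if line.startswith("!"):          # program block: !name, reset by !*
            name = line[1:].strip()
            prog_filter = None if name == "*" else name
        elif line and not line.startswith("#"):
            selector, action = line.split(None, 1)
            if prog_filter in (None, program) and selector_matches(
                    selector, facility, level):
                actions.append(action)
    return actions

if __name__ == "__main__":
    print(route(SAMPLE_CONF, "fileaudit", "local0", "info"))
```

No selector can create a record of a file access by itself: the fileaccess.log line only fills when some process submits a local0 message for each access.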


