From owner-freebsd-questions  Sun Feb  9 12: 4:36 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0CDF437B401
	for <freebsd-questions@FreeBSD.ORG>; Sun,  9 Feb 2003 12:04:35 -0800 (PST)
Received: from sunny.pacific.net.au (sunny.pacific.net.au [203.2.228.40])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D95F743F3F
	for <freebsd-questions@FreeBSD.ORG>; Sun,  9 Feb 2003 12:04:33 -0800 (PST)
	(envelope-from allan@dib.name)
Received: from wisma.pacific.net.au (wisma.pacific.net.au [210.23.129.72])
          by sunny.pacific.net.au with ESMTP
          id h19K4SMr000835; Mon, 10 Feb 2003 07:04:28 +1100 (EST)
Received: from dib.name (dyn11.mel2.homedsl.pacific.net.au [203.100.245.11])
        by wisma.pacific.net.au with ESMTP
        id HAA21576; Mon, 10 Feb 2003 07:04:27 +1100 (EST)
Date: Mon, 10 Feb 2003 07:04:27 +1100
Subject: Re: Monitoring the entire filesystem?
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v551)
Cc: freebsd-questions@FreeBSD.ORG
To: Kevin Fogleman <krfogleman@comcast.net>
From: Allan Dib <allan@dib.name>
In-Reply-To: <3E46AFB9.4060302@comcast.net>
Message-Id: <B126728E-3C69-11D7-A402-000393BCC13C@dib.name>
Content-Transfer-Encoding: 7bit
X-Mailer: Apple Mail (2.551)
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

I use /usr/ports/security/tripwire-131

Works great...


-Allan


On Monday, February 10, 2003, at 06:44 AM, Kevin Fogleman wrote:

> Is there an existing way to monitor the entire filesystem for changes 
> to any file, particularly changes in extended attributes?
>
> I've read over the documentation for kqueue, but some things were left 
> unclear.  For example, it appears the man page has not been updated 
> for 5.0 and thus doesn't specify whether or how extended attributes 
> can be monitored for modifications.  Also, it appears that kqueue 
> needs a file descriptor for each file that one would want to monitor, 
> making any large-scale file monitoring impractical.  Is there any 
> other way in FreeBSD to be notified of file modifications in a way 
> that would allow one to monitor the whole file system or large 
> portions of it?  I don't really need to know whether a particular 
> attribute changed, but rather just whether any of them changed.
>
> --Kevin Fogleman
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message