From owner-freebsd-hackers  Wed Oct 15 08:57:29 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id IAA26844
          for hackers-outgoing; Wed, 15 Oct 1997 08:57:29 -0700 (PDT)
          (envelope-from owner-freebsd-hackers)
Received: from shell.firehouse.net (brian@shell.firehouse.net [209.42.203.45])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id IAA26833
          for <hackers@FreeBSD.ORG>; Wed, 15 Oct 1997 08:57:23 -0700 (PDT)
          (envelope-from brian@shell.firehouse.net)
Received: from localhost (brian@localhost)
	by shell.firehouse.net (8.8.5/8.8.5) with SMTP id LAA06952;
	Wed, 15 Oct 1997 11:57:04 -0400 (EDT)
Date: Wed, 15 Oct 1997 11:57:03 -0400 (EDT)
From: Brian Mitchell <brian@firehouse.net>
To: Charles Green <chuck@fang.cs.sunyit.edu>
cc: hackers@FreeBSD.ORG
Subject: Re: Question about file opens
In-Reply-To: <199710151010.KAA28975@fang.cs.sunyit.edu>
Message-ID: <Pine.BSI.3.95.971015115538.6937A-100000@shell.firehouse.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Wed, 15 Oct 1997, Charles Green wrote:

>         For a project I'm working on we're interested in tracking file opens,
> and are interested in the best way of tracking them. Any ideas? Or is it
> impossible without modifying the kernel? 

There are two ways, auditing (which freebsd doesnt have yet - see
http://shell.firehouse.net/~brian/bsdc2audit for preliminary driver) or
modifying the libc stubs. You could also use a preloaded shared lib to do
it without rebuilding libc, if you wanted to.