File system with read/write logging by user

Question

Is there any file system - or monitoring tool - which logs which users have read and written which files?

Something like this:

2014-01-21 13:45:45  john  12939  /users/john/hello.txt   write
2014-01-21 13:45:55  paul  12939  /users/john/hello.txt   read

This should be restrictable to certain folders (only user files are interesting, not system files).

score 0 · Answer 1 · answered Jan 21 '14 at 13:30

You can try to install auditd. It is a useful tool to setup watches for specific files/folders operations. It support different operations: r=read, w=write, x=execute, a=attribute.

You can add a specific watch with a specific filter key for easy search.

Here is a simple page that explains how to install and use auditd.

score 0 · Answer 2 · answered Jan 21 '14 at 13:33

0

For Linux, auditd it's a well tested solution. Windows has builtin tools for auditing file access.

Use this tools carefully, auditing can impact on the server's performance if not used wisely.

answered Jan 21 '14 at 13:33

Gabriel Talavera

1,387

Interesting! However I am on OS X, which seems to have a slightly non-standard implementation of auditd with sparse documentation. Anyone know how to work this? – forthrin Jan 27 '14 at 07:48

score 0 · Answer 3 · edited Apr 13 '17 at 12:37

0

Have a look at this question linux-file-access-monitoring

It mentions two ways of achieving what you need but I think the second suits better your needs:

http://loggedfs.sourceforge.net/

It seems to have little dependency and provide the exact functionnality that you need.

edited Apr 13 '17 at 12:37

Community

1

answered Jan 21 '14 at 13:34

Johnride

101
2

File system with read/write logging by user

3 Answers3