- Notifications
You must be signed in to change notification settings - Fork4
kanurag94/filemonitor
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
ebpf based Filemonitoring
usage: filemonitor.py [-h] [-f FILE] [-r] [-w] [-p] [-c] [-d]Monitors file actionsoptional arguments: -h, --help show this help message and exit -f FILE, --file FILE give config filepath -r, --read trace read events -w, --write trace write events -p, --rename trace rename events -c, --create trace create events -d, --delete trace delete eventsExample: ./filemonitor -r # traces read of /var/log/syslog ./filemonitor -f /path/to/config # traces filepaths in path for all events ./filemonitor -f /path/to/config -d # traces filepaths in path for delete eventsPID UID CPU PROC FPATH COMM OPRN11351 1000 1 test_file_12.txt cat READ11375 1000 1 test_file_12.txt vi READ11397 1000 0 test_file_12.txt vi READ11397 1000 0 test_file_12.txt vi WRITE11441 1000 0 test_file_12.txt mv RENAME11463 1000 0 a rm DELETE- Clone the repository
git clone https://github.com/kanurag94/filemonitor.git cd filemonitor- For debian and ubuntu:
sudo make all filemonitor -hto check- For other distributions visit:https://github.com/iovisor/bcc/blob/master/INSTALL.md and run
sudo run.sh
- A BPFHASH map keeps inode entries of the files supplied as config.
- Listens to read, create, delete, rename, write events on the inodes.
process pathto be addeduser tty idto be added
About
eBPF based file monitoring
Topics
Resources
Uh oh!
There was an error while loading.Please reload this page.
Stars
Watchers
Forks
Releases
No releases published
Packages0
No packages published