You could use opensnoop, rwsnoop, creatbyproc.d, execsnoop, filebyproc.d, all dtrace scripts. Or create your own using syscall::open*:entry, for example. In older versions of OS X you could use fs_usage, but all more recent versions of OS X have the excellent DTrace tools. You could set up a launchd-triggered script using launchd's native WatchPath.

OS X has VERY good, innate abilities with regards to monitoring file access, but one similarity to the cautions on the Windows side is: The extent to which you want to log EVERYthing is the extent to which you are going to add so much overhead as to cause truly SERIOUS, probably deleterious degradation of performance and needed services.

Thinking about this from the "hammer" of Windows-centric thinking will make everything look like a "nail" and is not the right way to go. Please be more explicit: What specifically do you need to capture?
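A custom DTrace script of the kind mentioned above, as an added example that is not part of the original post: it logs only opens under one directory, which keeps the overhead the post warns about in check. The watched prefix `/private/etc/` is an assumed value, and the script narrows `open*` to the two probes that take the path in `arg0`; run it as root.

```dtrace
#!/usr/sbin/dtrace -s
/* Added example: log file opens under a single directory only. */
#pragma D option quiet

/* Assumed path prefix to watch; change it to the directory of interest. */
inline string WATCH = "/private/etc/";

dtrace:::BEGIN
{
    printf("%-20s %-6s %-16s %4s %s\n", "TIME", "PID", "COMM", "RET", "PATH");
}

/*
 * open() and its non-cancellable variant take the path in arg0.
 * openat() takes it in arg1, so it is deliberately not matched here.
 */
syscall::open:entry,
syscall::open_nocancel:entry
{
    /* Save the user-space pointer; the string is read on return,
       when the page holding it is known to be resident. */
    self->path = arg0;
}

/* Print only opens whose path contains the watched prefix. */
syscall::open:return,
syscall::open_nocancel:return
/self->path && strstr(copyinstr(self->path), WATCH) != NULL/
{
    /* arg1 on return is the syscall result: a descriptor, or -1 on failure. */
    printf("%-20Y %-6d %-16s %4d %s\n", walltimestamp, pid, execname,
        (int)arg1, copyinstr(self->path));
}

/* Always release the thread-local slot, matched or not. */
syscall::open:return,
syscall::open_nocancel:return
/self->path/
{
    self->path = 0;
}
```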