Wouldn't that require me to recompile the kernel with the new filesystem everytime I need this feature on a new machine. Ideally I want to be able to turn the logging on and off whenever required. Essentially I need something similar to sysinternals filemon or the dnotify program. Dnotify is probably closes to what I need. The only limitation with dnotify is the fact that it doesn't return the name of the file that was accessed. This is information that is crucial for my purpose. Thanks --- weswannemacher@xxxxxxx wrote: > In a message dated 7/9/2004 11:07:04 AM Eastern > Daylight Time, Krishna Monian > <k_tutorials@xxxxxxxxx> writes: > > > > >The way I am thinking of doing this is by rerouting > >system calls and performing the necessary logging. > >However the sysinternals site mentioned that this > >method will not work under the 2.6 kernel. > > > > > Have you thought about adding your monitoring to a > particular filesystem rather than intercepting > kernel system calls? I mean, say you extended ext3 > or reiserfs to add the auditing/monitoring. It would > be a bit more work, but it may be easier to maintain > since they are seperate and smaller projects than > the kernel. > > /W > __________________________________ Do you Yahoo!? Take Yahoo! Mail with you! Get it on your mobile phone. http://mobile.yahoo.com/maildemo _______________________________________________ Redhat-devel-list mailing list Redhat-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/redhat-devel-list