We're troubleshooting a process and I need to have a thorough record of files in a certain directory. I need to see when they were created, moved, and deleted. It also needs to be easily readable.
I tried using inotifywait, which gave me exactly what I'm looking for, but it was missing files. It would regularly miss files coming into the directory and I'd end up with no record of them.
Next I looked at setting up a rule with auditctl, but the output from ausearch is not exactly read-friendly.
I can't add a logging piece to the processes that would be modifying files because there are simply too many from various servers.
Any advice would be appreciated.
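One way to turn the raw audit records behind the ausearch output mentioned above into a readable created/moved/deleted timeline, as an added example that is not part of the original post: it groups PATH records by audit event ID and reads their nametype field. The sample records, the key "dirwatch" and the /data paths are constructed placeholders, and the parser assumes quoted (not hex-encoded) file names.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample in raw audit.log format, fields abridged; key and paths are placeholders.
SAMPLE = '''\
type=SYSCALL msg=audit(1700000000.100:101): syscall=257 success=yes comm="cp" exe="/usr/bin/cp" key="dirwatch"
type=PATH msg=audit(1700000000.100:101): item=0 name="/data/in/" nametype=PARENT
type=PATH msg=audit(1700000000.100:101): item=1 name="/data/in/a.csv" nametype=CREATE
type=SYSCALL msg=audit(1700000005.200:102): syscall=316 success=yes comm="mv" exe="/usr/bin/mv" key="dirwatch"
type=PATH msg=audit(1700000005.200:102): item=0 name="/data/in/" nametype=PARENT
type=PATH msg=audit(1700000005.200:102): item=1 name="/data/done/" nametype=PARENT
type=PATH msg=audit(1700000005.200:102): item=2 name="/data/in/a.csv" nametype=DELETE
type=PATH msg=audit(1700000005.200:102): item=3 name="/data/done/a.csv" nametype=CREATE
type=SYSCALL msg=audit(1700000009.300:103): syscall=263 success=yes comm="rm" exe="/usr/bin/rm" key="dirwatch"
type=PATH msg=audit(1700000009.300:103): item=1 name="/data/done/a.csv" nametype=DELETE
'''
HEAD = re.compile(r'^type=(\w+) msg=audit\((\d+)\.\d+:(\d+)\): (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def timeline(text):
    """Group records by audit event ID and return one readable line per file change."""
    events = defaultdict(lambda: {"exe": "?", "CREATE": [], "DELETE": []})
    for line in text.splitlines():
        m = HEAD.match(line)
        if not m:
            continue  # not an audit record
        rtype, secs, serial, rest = m.groups()
        f = {k: v.strip('"') for k, v in FIELD.findall(rest)}
        ev = events[(int(secs), int(serial))]  # all records of one event share this ID
        if rtype == "SYSCALL":
            ev["exe"] = f.get("exe", "?")
        elif rtype == "PATH" and f.get("nametype") in ("CREATE", "DELETE"):
            ev[f["nametype"]].append(f.get("name", "?"))
    out = []
    for (ts, _), ev in sorted(events.items()):
        made, gone = ev["CREATE"], ev["DELETE"]
        if not (made or gone):
            continue  # event touched no directory entry
        when = datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
        if made and gone:  # DELETE and CREATE in the same event: a rename
            what = f"MOVED   {gone[0]} -> {made[-1]}"
        else:
            what = f"CREATED {made[0]}" if made else f"DELETED {gone[0]}"
        out.append(f'{when}Z  {what}  by {ev["exe"]}')
    return out

if __name__ == "__main__":
    print("\n".join(timeline(SAMPLE)))
```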