Channel: linuxadmin: Expanding Linux SysAdmin knowledge

Any good alternative to LoggedFS?


I looked into this, which can do exactly what I want: https://github.com/vitkin/loggedfs

My goal is to log read/write requests on a filesystem/mount point/folder with millions of files and subfolders, ~5TB, each file 1-100MB in size, so inotify can't handle it because of some max file count limit.

I want to log: user, process (entire command), filename, timestamp

Any tools out there that can do this? LoggedFS looked good, but it has not been updated since 2008 and is not in any repositories, and the source for LoggedFS-csv that I linked to above can't compile on CentOS 6.7. This has to run on multiple production servers, so lightweight is preferred.

Update: I took the time to sit down and read about auditd, which is installed by default and a kernel module on CentOS. Auditd looks like it can do exactly what I want with the following config:

-w /path_to_dir/ -p rwax -k key_name 

The above config will log if someone reads or changes a file in the path. I tested by adding 100.000 files and it had no problem at all with this, so it looks like it can do what I want :)

Auditd can also secure many other things which I will take advantage of later in the project, even secure itself against altering of rules. I like it.

For others who are interested, here is the man page that explains it: http://man7.org/linux/man-pages/man7/audit.rules.7.html

submitted by /u/_dev_random_
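
An added example, not part of the original post: one way to turn the records produced by a watch rule like the one above into the four fields the post asks for (user, full command, filename, timestamp). It assumes the raw `audit.log` record layout and uses constructed sample records; the function names are hypothetical, and PROCTITLE records (which older kernels may not emit) are used when present, with `exe` as the fallback.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample records in raw audit.log layout (not taken from the post).
SAMPLE = "\n".join([
    'type=SYSCALL msg=audit(1453381234.123:4567): arch=c000003e syscall=2 '
    'success=yes pid=1234 auid=1000 uid=0 comm="cat" exe="/bin/cat" key="key_name"',
    'type=PATH msg=audit(1453381234.123:4567): item=0 name="/path_to_dir/a.bin" inode=12',
    'type=PROCTITLE msg=audit(1453381234.123:4567): proctitle='
    + b"cat\0/path_to_dir/a.bin".hex().upper(),
    'type=SYSCALL msg=audit(1453381300.000:4570): arch=c000003e syscall=2 '
    'success=yes pid=1300 auid=1001 uid=1001 comm="vi" exe="/usr/bin/vi" key="other_key"',
])

HEADER = re.compile(r'^type=(\S+) msg=audit\(((\d+)\.\d+:\d+)\): ?(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode(value):
    """Quoted values are literal; unquoted ones may be hex (e.g. argv joined by NULs)."""
    if value.startswith('"'):
        return value.strip('"')
    try:
        return bytes.fromhex(value).replace(b"\0", b" ").decode("utf-8", "replace")
    except ValueError:
        return value  # plain token such as (null)

def file_access_events(log_text, key):
    """Merge records sharing an event id; return events whose rule key matches."""
    events = defaultdict(lambda: {"files": [], "command": None})
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        rtype, event_id, secs, body = m.groups()
        f = dict(FIELD.findall(body))
        ev = events[event_id]
        if rtype == "SYSCALL":
            ev.update(time=datetime.fromtimestamp(int(secs), timezone.utc).isoformat(),
                      auid=f.get("auid"), uid=f.get("uid"),
                      exe=decode(f.get("exe", '""')), key=decode(f.get("key", '""')))
        elif rtype == "PATH" and "name" in f:
            ev["files"].append(decode(f["name"]))
        elif rtype == "PROCTITLE":
            ev["command"] = decode(f.get("proctitle", '""'))
    return [ev for ev in events.values() if ev.get("key") == key]

if __name__ == "__main__":
    for ev in file_access_events(SAMPLE, "key_name"):
        print(ev["time"], ev["auid"], ev["command"] or ev["exe"], ev["files"])
```

The `auid` field is the login UID, which stays the same across `su` and `sudo`, so it identifies the person even when `uid` is 0.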