Thread: Is there a script to track when a folder/file was accessed and by who?

  1. #1
    Registered User
    Join Date
    Jun 2007
    Posts
    14

    Is there a script to track when a folder/file was accessed and by who?

    Is there a script that keeps track of when a folder or file was accessed, opened or read and also by who?

    I'd like to be able to store that information in a text file.


    Any help would be greatly appreciated.

  2. #2
    Registered User ssharish2005's Avatar
    Join Date
    Sep 2005
    Location
    Cambridge, UK
    Posts
    1,732
    As far as I am aware, I don't think there is one. Maybe there could be one that others know about. Well, I would go ahead and write one myself.

    ssharish

    EDIT: What platform are you working on?

  3. #3
    Registered User
    Join Date
    Jun 2007
    Posts
    14
    I'm on Windows. Can a simple C program be written to do such a thing?

  4. #4
    Registered User ssharish2005's Avatar
    Join Date
    Sep 2005
    Location
    Cambridge, UK
    Posts
    1,732
    I am not quite sure how it's done on Windows, but the complication starts with how many folders are going to be watched. Check out MSDN if you are working on Windows.

    Perhaps I should have asked which compiler you are using as well?

    ssharish

  5. #5
    and the hat of sweating
    Join Date
    Aug 2007
    Location
    Toronto, ON
    Posts
    3,545
    You can use the stat() function to get file attributes like creation time, last access time...

    As for who used it last, you'll have to check the Windows API to see if the NTFS file system keeps track of that.

  6. #6
    Registered User ssharish2005's Avatar
    Join Date
    Sep 2005
    Location
    Cambridge, UK
    Posts
    1,732

  7. #7
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,660
    filemon from sysinternals.com could do this, but it is so far beyond the idea of "simple C" as to be not worth mentioning.

    Especially when the OP still refers to programs as "scripts".
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

  8. #8
    Registered User
    Join Date
    Mar 2005
    Location
    Mountaintop, Pa
    Posts
    1,058
    Obtaining directory change notifications is not exactly simple C and it doesn't track read access on a file/folder. In other words, something has to change on the file/folder for it to kick in.

    Another option would be to enable audit object access settings on the workstation/server where the file/folder resides. This is done by modifying the machine's group policy settings. Be careful about which objects you select for auditing. It's easy to end up with information overload if you audit a folder and the audit applies to every object within the folder and within any subfolder.

    Once the policy is properly set up, it's just a matter of querying the security log. This can be done by either using the event viewer or writing a C program to query the security log. IMHO, there is no such thing as a simple C program to query the security log. So, you may end up reviewing the security log via the event viewer.
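
The audit-policy route described in post #8, as an added PowerShell example that is not part of the original thread: it enables file-system auditing, puts a read-audit rule on one folder only, and writes who read what to a text file. The folder and report paths are assumptions, and it assumes Windows Vista/Server 2008 or later (where read access is logged as Security event 4663) and an elevated prompt.

```powershell
# Added example. $Folder and $Report are assumed paths; run elevated.
$Folder = 'C:\Data\Watched'
$Report = 'C:\Logs\file-access.txt'

# 1. Enable success auditing for the "File System" object-access subcategory.
auditpol.exe /set /subcategory:"File System" /success:enable | Out-Null

# 2. Add an audit rule (SACL entry) for read access by anyone. Inheritance is
#    limited to files directly in the folder (ObjectInherit + NoPropagateInherit)
#    so subfolders are not swept in and the log stays readable.
$acl  = Get-Acl -Path $Folder -Audit
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone',
    [System.Security.AccessControl.FileSystemRights]::ReadData,
    [System.Security.AccessControl.InheritanceFlags]::ObjectInherit,
    [System.Security.AccessControl.PropagationFlags]::NoPropagateInherit,
    [System.Security.AccessControl.AuditFlags]::Success)
$acl.AddAuditRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# 3. Later: pull object-access events from the Security log, keep the ones
#    under $Folder, and append "time  user  process  path" lines to the report.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten the event's named data fields into a hashtable.
        $data = @{}
        foreach ($node in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$node.Name] = $node.'#text'
        }
        if ($data['ObjectName'] -like "$Folder*") {
            '{0:u}  {1}\{2}  {3}  {4}' -f $_.TimeCreated,
                $data['SubjectDomainName'], $data['SubjectUserName'],
                $data['ProcessName'], $data['ObjectName']
        }
    } | Add-Content -Path $Report
```

Steps 1 and 2 are one-time setup; step 3 can be re-run or scheduled, and only accesses made after the audit rule was in place appear in the log.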

  9. #9
    Registered User
    Join Date
    Jun 2007
    Posts
    14
    Sorry for confusing you, Salem, on scripts and programs. I'm sure you're smart enough to figure out what I meant.

    I'm using cfree.

  10. #10
    Registered User
    Join Date
    Jun 2007
    Posts
    14

    Thanks

    Thanks for all the tips.

    I realize it's harder to pull file access information from a FAT formatted drive than an NTFS.

  11. #11
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    Quote Originally Posted by Christopher2222 View Post
    Thanks for all the tips.

    I realize it's harder to pull file access information from a FAT formatted drive than an NTFS.
    Yes, because FAT doesn't have the same organization of the metadata - there are MANY things that only work (or work best) with NTFS. FAT was originally invented for floppy disks holding 320 or 360 KILObytes. Whilst FAT32 can and will handle large disks, it's still much less efficient than NTFS. You can even convert FAT to NTFS in Windows [sorry, you have to look up yourself how you do that], so there's no reason to continue to use FAT, unless you also want compatibility with a mobile phone, MP3 player, Camera or some such that doesn't support NTFS.

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  12. #12
    Registered User t3chn0n3rd's Avatar
    Join Date
    Dec 2007
    Location
    kansas city
    Posts
    25

    operating systems

    I agree for Fat16, Fat32, winnt operating systems, not sure about other platforms

  13. #13
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,660
    What has the format of the underlying file system got to do with tracking who uses the file system?
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

  14. #14
    and the hat of sweating
    Join Date
    Aug 2007
    Location
    Toronto, ON
    Posts
    3,545
    Quote Originally Posted by matsp View Post
    so there's no reason to continue to use FAT, unless you also want compatibility with a mobile phone, MP3 player, Camera or some such that doesn't support NTFS.
    Actually I also use FAT32 partitions to hold my Ghost images since a Win98 or DOS boot disk cannot see an NTFS drive. I also use a 4GB FAT32 partition for my Windows pagefile since I don't need the extra security of FAT32 (it's just a pagefile) and FAT32 has less overhead.
    http://www.tek-tips.com/faqs.cfm?fid=3876

  15. #15
    C++まいる!Cをこわせ!
    Join Date
    Oct 2007
    Location
    Inside my computer
    Posts
    24,654
    I never saw the need for moving the page file to another disk since I saw no speed improvements. Nor do I see why it needs to be 1.5x or 2.0x the amount of physical memory. pagefile is currently 2 GB of a 3 GB memory system. Not a single pagefile related problem so far.
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.
