Is there a script that keeps track of when a folder or file was accessed, opened or read and also by who?
I'd like to be able to store that information in a text file.
Any help would be greatly appreciated.
Is there a script that keeps track of when a folder or file was accessed, opened or read and also by who?
I'd like to be able to store that information in a text file.
Any help would be greatly appreciated.
As i am aware i don't think, there is one. May be there could be where others could know. Well, i would go ahead and write one by myself.
ssharish
EDIT: On what platform are u working on?
I'm on Windows. Can a simple C program be written to do such a thing?
I am not pretty sure how its done on windows, But the complication starts, on how many folders are u going to be watched. Checked out MSDN if you are working on windows.
Perhaps I should have asked which compiler are u using as well?
ssharish
You can use the stat() function to get file attributes like creation time, last access time...
As for who used it last, you'll have to check the Windows API to see if the NTFS file system keeps track of that.
filemon from sysinternals.com could do this, but it is so far beyond the idea of "simple C" as to be not worth mentioning.
Especially when the OP still refers to programs as "scripts".
Obtaining directory change notifiecations is not exactly simple c and it doesn't track read access on a file/folder. In other words, something has to change on the file/folder for it to kick in.
Another option would be to enable audit object access settings on the workstation/server where the file/folder resides. This is done by modifying the machines group policy settings. Be careful on what objects you select for auditing. It's easy to end up with information overload if you audit a folder and the audit applies to every object within the folder and within any subfolder.
Once the policy is properly set up, it's just a matter of querying the security log. This can be done by either using the event viewer or writing a C program to query to security log. IMHO, there is no such thing as a simple C program to query the security log. So, you may end up reviewing the security log via the event viewer.
Sorry for confusing you, Salem, on scripts and programs. I'm sure you're smart enough to figure out what I meant.
I'm using cfree.
Thanks for all the tips.
I realize it's harder to pull file access information from a FAT formatted drive than an NTFS.
Yes, because FAT doesn't have the same organization of the metadata - there are MANY things that only work (or work best) with NTFS. FAT was originally invented for floppy disks holding 320 or 360 KILObytes. Whilst FAT32 can and will handle large disks, it's still much less efficient than NTFS. You can even convert FAT to NTFS in Windows [sorry, you have to look up yourself how you do that], so there's no reason to continue to use FAT, unless you also want compatibility with a mobile phone, MP3 player, Camera or some such that doesn't support NTFS.Quote:
Originally Posted by Christopher2222
--
Mats
I agree for Fat16, Fat32, winnt operating systems, not sure about other platforms
What has the format of the underlying file system got to do with tracking who uses the file system?
Actually I also use FAT32 partitions to hold my Ghost images since a Win98 or DOS boot disk cannot see an NTFS drive. I also use a 4GB FAT32 partition for my Windows pagefile since I don't need the extra security of FAT32 (it's just a pagefile) and FAT32 has less overhead.Quote:
Originally Posted by matsp
http://www.tek-tips.com/faqs.cfm?fid=3876
I never saw the need for moving the page file to another disk since I saw no speed improvements. Nor do I see why it needs to be 1.5x or 2.0x the amount of physical memory. pagefile is currently 2 GB of a 3 GB memory system. Not a single pagefile related problem so far.
You probably don't need 3GB of RAM then :) [In which case, you also won't see any improvement from moving it around, of course]Quote:
Originally Posted by Elysia
--
Mats
Maybe not, but what's the point of removing it? :D
That's not what I meant, and I think you know it. But the location of the page-file is pretty meaningless if it's not being used. In fact, I saw a link to somewhere "how to disable pagefile" or some such. Can't remember where I saw it, but it can be done - of course, if your app by mistake happens to start allocating tons of memory, you may run out all of a sudden, which is no good when you have no way to extend the memory... Pagefile gives you that option.
--
Mats
Also, when you defrag your C: drive, if you see those big green blocks that are unmovable -- that would be your pagefile. By moving it to it's own partition, the Windows Defrag program (which is pretty inept to begin with) has more room to work with, which is always a good thing when your dealing with MS Defrag.
If you move your pagefile to a completely separate hard disk, you'd probably notice more of a difference than just putting it on a separate partition, but then who really feels like wasting a whole HD just for the pagefile?
You can use perfmon to record all read/write activity to your pagefile. I'll bet yours is still being used a lot even though you're not using your full 3GB of RAM.
Yes, page files can be disabled, but it's not a good idea, usually. I'd love if Windows could actually keep everything in memory without paging it (unless it finds that the 3 GB of physical memory is exceeded), but unfortunately this is not so. The pagefile is not recommended to disable.Quote:
Originally Posted by matsp
MS Defrag is crap and you know it. I use an excellent 3rd part solution for this. And since the pagefile is locked in size, it doesn't get fragmented plus there's 16.7 GB (out of 40 GB) free on the system partition - more than enough to defrag properly.Quote:
Originally Posted by cpjust
Like I mentioned before, I never noticed any huge speed performance increase when I did that (I have 4 HDs).Quote:
If you move your pagefile to a completely separate hard disk, you'd probably notice more of a difference than just putting it on a separate partition, but then who really feels like wasting a whole HD just for the pagefile?
Yes, of course. That's how windows works. It always pages things out to the pagefile. But performance is sound, nevertheless.Quote:
You can use perfmon to record all read/write activity to your pagefile. I'll bet yours is still being used a lot even though you're not using your full 3GB of RAM.