[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to catch process that removes files?



I don't mean periodically, more like "random but often". Sometimes
several times a day, sometimes not at all.

The server is on an intranet, in a mainly Windows network, and cannot
be accessed from the Internet. It holds little interest to anybody
apart from myself. It simply doesn't hold any useful information, so
I'd say that, logically, the possibility that a human is doing this is
remote.

I've tried inotify too, but all these monitoring tools seem focused
exclusively on what and when happens, not on who did it. I'm wondering
if it's even possible to catch a process in the act. As you said, even
with all the ps and lsof and proc info it's still hard to figure out
what's going on, if I'm doing it even a second too late.



Reply to: