METHOD FOR REDUCING THE TIME TO DIAGNOSE THE CAUSE OF UNEXPECTED CHANGES TO SYSTEM FILES
Abstract
A method for monitoring access to a file within a file system includes steps or acts of: monitoring a plurality of requests for access to files; intercepting the requests; and analyzing metadata located in the file. If the metadata includes a directive entry, the method includes these additional steps: identifying information about any application requesting access to the file, including a sequence of function calls that preceded the file access request; and logging the information to generate an action trail of the application. A mechanism for monitoring file access includes the following: a file system configured for monitoring accesses to any file residing within it; an access control mechanism which can execute pre-defined actions when an unauthorized file access occurs; and a tool to specify the list of files to be monitored.
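The flow the abstract describes (intercept, check the file's metadata for a directive entry, record the requester and its preceding calls) can be sketched in user space. This is an added example, not code from the patent. Assumptions: the `MonitoredFS` wrapper, the directive name `log-access`, and the in-memory table standing in for per-file metadata are all hypothetical, and the sample paths and application functions are constructed.

```python
import os, sys, tempfile, time

DIRECTIVE = "log-access"  # hypothetical directive name, not taken from the patent text

class MonitoredFS:
    """Toy file-system layer: every open() request passes through here."""
    def __init__(self):
        self.metadata = {}     # path -> directive entries (stand-in for per-file metadata)
        self.audit_trail = []  # one record per access to a file carrying the directive

    def mark(self, path):
        """Plays the role of the tool that specifies which files are monitored."""
        self.metadata.setdefault(os.path.realpath(path), set()).add(DIRECTIVE)

    def open(self, path, mode="r"):
        key = os.path.realpath(path)                 # intercept the request
        if DIRECTIVE in self.metadata.get(key, ()):  # analyze the file's metadata
            calls, frame = [], sys._getframe(1)      # start at the caller of open()
            while frame is not None:                 # walk back through the call chain
                calls.append(frame.f_code.co_name)
                frame = frame.f_back
            self.audit_trail.append({
                "time": time.time(), "file": key, "mode": mode,
                "pid": os.getpid(), "application": sys.executable,
                "calls": calls[::-1],                # outermost caller first
            })
        return open(path, mode)                      # then let the access proceed

def patch_hosts(fs, path):      # constructed "application" code path
    with fs.open(path, "a") as f:
        f.write("10.0.0.5 build-cache\n")

def updater_main(fs, path):
    patch_hosts(fs, path)

def demo():
    fs = MonitoredFS()
    with tempfile.TemporaryDirectory() as d:
        watched, plain = os.path.join(d, "hosts"), os.path.join(d, "scratch.txt")
        for p in (watched, plain):
            open(p, "w").close()
        fs.mark(watched)
        updater_main(fs, watched)    # logged: the file carries the directive
        fs.open(plain, "w").close()  # not logged: no directive entry
    return fs.audit_trail

if __name__ == "__main__":
    for rec in demo():
        print(rec["file"], rec["mode"], " -> ".join(rec["calls"]))
```

The recorded call sequence is what shortens diagnosis: the trail names the code path that led to the change, not only the process that made it.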
20 Claims
1. A method for monitoring access to a file within a file system in a computer, the method comprising steps of:
- monitoring a plurality of requests for access to files;
- intercepting the requests;
- analyzing metadata associated with the file;
- if the metadata comprises a directive entry;
- identifying information about any application requesting access to the file, including a sequence of function calls that preceded the file access request; and
- logging the information to generate an audit trail of the application.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A mechanism for monitoring file access, the mechanism comprising:
- a file system operable for monitoring accesses to any file residing within the file system;
- an access control mechanism configured for executing pre-defined actions when an unauthorized file access occurs; and
- a tool to specify a list of the files to be monitored.
Dependent claims: 12, 13, 14, 15, 16
17. A computer program product embodied on a computer readable medium and comprising code that, when executed, causes a computer to perform the following:
- monitor a plurality of requests for access to files;
- intercept the requests;
- analyze metadata associated with the file;
- if the metadata comprises a directive entry;
- identify information about any application requesting access to the file, including a sequence of function calls that preceded the file access request; and
- log the information to generate an action trail of the application.
Dependent claims: 18, 19
20. A system for obtaining services comprising:
- a mechanism for monitoring file access, the mechanism comprising;
- a file system which can monitor accesses to any file residing within it;
- an access control mechanism which can take pre-defined actions when an unauthorized file access occurs; and
- a tool to specify the list of files to be monitored.
Specification