File system event tracking
First Claim
Patent Images
1. A file system audit method, comprising:
- intercepting, by a kernel level application, file system events;
recording the intercepted file system events in a kernel memory;
retrieving the recorded file system events from kernel memory to a user level memory;
identifying, from the retrieved file system events, a first file system event changing a first file system object'"'"'s name from a first name to a second name;
identifying, from the retrieved file system events, a second file system event changing a second file system object'"'"'s name to the first name;
consolidating the first and second file system events into a distinct third file system event; and
recording the third file system event as a file modification event for the first file system object.
27 Assignments
0 Petitions
Accused Products
Abstract
Automated file system event tracking and reporting techniques are described in which file system events requested by a user application are intercepted and recorded prior to the request being permitted to pass to the file system for execution. Similarly, file system responses to a prior captured file system event are also intercepted and recorded. Predefined patterns of file system event may be aggregated and reported as a single event.
14 Citations
12 Claims
-
1. A file system audit method, comprising:
-
intercepting, by a kernel level application, file system events; recording the intercepted file system events in a kernel memory; retrieving the recorded file system events from kernel memory to a user level memory; identifying, from the retrieved file system events, a first file system event changing a first file system object'"'"'s name from a first name to a second name; identifying, from the retrieved file system events, a second file system event changing a second file system object'"'"'s name to the first name; consolidating the first and second file system events into a distinct third file system event; and recording the third file system event as a file modification event for the first file system object. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A file system audit method, comprising:
-
intercepting, by a kernel level application, file system events; recording the intercepted file system events in a kernel memory; retrieving the recorded file system events from kernel memory to a user level memory; identifying, from the retrieved file system events, a first file system event copying a first file system object from a first location to a second location; identifying, from the retrieved file system events, a second file system event deleting the first file system object from the first location; consolidating the first and second file system events into a distinct third file system event; and recording the third file system event as a file move event for the first file system object. - View Dependent Claims (10, 11, 12)
-
Specification