File system event tracking
Abstract
Automated file system event tracking and reporting techniques are described in which file system events requested by a user application are intercepted and recorded prior to the request being permitted to pass to the file system for execution. Similarly, file system responses to a prior captured file system event are also intercepted and recorded. Predefined patterns of file system events may be aggregated and reported as a single event.
18 Claims
1. A non-transitory computer readable medium comprising instructions stored thereon to cause one or more processors to:
intercept a plurality of file system security change requests directed to a target file system object, each file system security change request having a corresponding current security state and a corresponding final security state;
wherein the plurality of file system security change requests are intercepted in a sequential order;
record each said current security state in the order in which it was intercepted;
communicate the plurality of file system security change requests to a file system;
intercept an indication that the plurality of file system security change requests have been processed by the file system;
record each said final security state;
aggregate each said recorded current security state and each said recorded final security state;
identify an event based, at least in part, on the aggregation; and
store an indication of the identified event.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. An electronic system, comprising:
a memory;
an input-output device coupled to the memory; and
a programmable control device communicatively coupled to the memory and the input-output device, the programmable control device adapted to execute instructions stored in the memory to:
identify a file system object based, at least in part, on an input from the input-output device,
intercept a plurality of file system security change requests directed to the file system object, each file system security change request having a corresponding current security state and a corresponding final security state, the plurality of file system security change requests being intercepted in a sequential order,
record each said current security state,
communicate the plurality of file system security change requests to a file system,
intercept an indication that the plurality of file system security change requests have been processed by the file system,
record each said final security state,
aggregate each said recorded current security state and each said recorded final security state,
identify an event based, at least in part, on the aggregation, and
store an indication of the identified event.
Dependent claims: 17, 18
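Added illustration, not part of the patent text or of any implementation by its assignee: a small Python model of the claimed sequence (record the current security state, pass the request to the file system, record the final security state, aggregate, store one event). The in-memory dictionary standing in for the file system, the string ACL entries, the class and method names, and the aggregation rule (compare the first recorded current state with the last recorded final state) are all assumptions; the claims do not specify them.

```python
from dataclasses import dataclass, field

@dataclass
class Change:
    seq: int                 # position in interception order
    current: frozenset       # state recorded before the request reaches the file system
    final: frozenset = None  # state recorded after the file system reports completion

@dataclass
class Tracker:
    acls: dict                                   # stand-in file system: path -> set of ACL entries
    pending: dict = field(default_factory=dict)  # path -> ordered list of Change records
    events: list = field(default_factory=list)   # stored aggregated events

    def set_acl(self, path, new_acl):
        """Intercept one security change request around the file system call."""
        recs = self.pending.setdefault(path, [])
        rec = Change(len(recs), frozenset(self.acls[path]))  # record current state
        recs.append(rec)
        self.acls[path] = set(new_acl)                       # pass request to file system
        rec.final = frozenset(self.acls[path])               # record final state on completion

    def aggregate(self, path):
        """Collapse the ordered records for one object into a single stored event."""
        recs = sorted(self.pending.pop(path, []), key=lambda r: r.seq)
        if not recs:
            raise ValueError("no recorded changes for " + path)
        before, after = recs[0].current, recs[-1].final
        event = {"path": path, "requests": len(recs),
                 "added": sorted(after - before), "removed": sorted(before - after),
                 "type": "security_changed" if before != after else "no_net_change"}
        self.events.append(event)
        return event

def demo():
    path = "/srv/payroll.xlsx"                       # constructed sample object
    t = Tracker({path: {"alice:rw", "hr:r"}})        # constructed sample ACL
    t.set_acl(path, {"alice:rw"})
    t.set_acl(path, {"alice:rw", "everyone:r"})
    t.set_acl(path, {"alice:rw", "everyone:r", "hr:r"})
    return t.aggregate(path)

if __name__ == "__main__":
    print(demo())
```

Three sequential requests against the same object are reported as one event whose net effect is a single added entry, which is the figure an auditor reviewing permission changes would want to see.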
Specification