Re: WANTED: logging of all file operations on Windows

you want a directory watching daemon. it isn't hard at all to build
from scratch.
first, determine which directories should be watched.
then, os.walk each directory, building a mapping from filename to mtime
[modified time; os.path.getmtime].
next is your main event loop. this while loop consists of os.walk-ing
each directory again, comparing the current mtime to the corresponding
entry in the mapping. if they differ, or if a filename isn't in the
mapping, something happened, at which point you can logick out whether
a file was moved, deleted, changed, or created.

so many folks have looked for this that i'll just write a generic one
and put it in the cheeseshop. look for "dirmon" in about a week.


Claudio Grondi wrote:
I am aware, that it is maybe the wrong group to ask this question, but
as I would like to know the history of past file operations from within
a Python script I see a chance, that someone in this group was into it
already and is so kind to share here his experience.

I have put already much efforts into this subject googling around, but
up to now in vain. Best option I encountered yet is usage of
the Greyware 'System Change Log' service which monitors disks for
changes (http://www.greyware.com/software/systemchangelog/index.asp),
but in own tests it turned out, that the created log file does not cover
all file events as e.g. it is not possible to detect when a file is
moved to a new directory (creation of a new file is logged, but deletion
is not, not mentioning I would expect a file 'move' event).
The own Windows logging service rejected to start on my XP SP2 system
for unknown to me reasons - I don't know how to get it to work (yes, I
have used the administrator account).

I can't believe, that using NTFS file system in Microsoft Windows 2000
or XP it is not possible to track file events as:

- updating/modifying of an existing file/directory
- deleting an existing file/directory
- creating a new file/directory
- _moving_ an existing file/directory (should _NOT_ be covered by the
event duo of deleting an existing and creating a new file/directory)

Any hints towards enlightenment?

Claudio Grondi

.

Relevant Pages

  • WANTED: logging of all file operations on Windows
    ... The own Windows logging service rejected to start on my XP SP2 system for unknown to me reasons - I don't know how to get it to work. ... that using NTFS file system in Microsoft Windows 2000 or XP it is not possible to track file events as: ... deleting an existing file/directory ... event duo of deleting an existing and creating a new file/directory) ...
    (comp.lang.python)
  • User profiles and C/C++
    ... XP)(creating, copying, deleting and mapping to the other drive). ... Is there any valuable source of information how to do task like that? ...
    (microsoft.public.win32.programmer.kernel)
  • Re: WANTED: logging of all file operations on Windows
    ... updating/modifying of an existing file/directory ... event duo of deleting an existing and creating a new file/directory) ... Claudio Grondi ... representing renames by a delete and an add, ...
    (comp.lang.python)
  • Re: WANTED: logging of all file operations on Windows
    ... updating/modifying of an existing file/directory ... event duo of deleting an existing and creating a new file/directory) ... Claudio Grondi ... representing renames by a delete and an add, ...
    (comp.lang.python)