kfsmd is an interesting tool to keep track of changes in your filesystems. This tool based upon inotify which is a Linux kernel subsystem that provides file system event notification. Useful for file auditing. From the article:
Applications can ask the Linux kernel to report changes to selected files and directories. I created the Kernel Filesystem Monitoring Daemon (kfsmd) to make monitoring filesystem changes simple. Command-line clients for kfsmd come in two categories: monitoring and logging. The monitoring client produces output on the console whenever something happens to a filesystem you are watching. You can log to either a Berkeley DB4 file or a PostgreSQL database.
=> Use kfsmd to keep track of changes in your filesystems
Related: Linux audit files to see who made changes to a file
3 comment
For a long time, the standard utility in this area has been SGI’s File Alteration Monitor, though I don’t know the status of FAM today.
It’s home page is at:
http://oss.sgi.com/projects/fam/
On distros involving hats (probably most others as well), the standard package for this is gamin, which is a simplified but mostly ABI/API-compatible replacement for FAM.
http://www.gnome.org/~veillard/gamin/
It was a little rough in the beginning (witness the 136-comment RH bugzilla ticket: https://bugzilla.redhat.com/show_bug.cgi?id=132354 ), but is now very stable and unobtrusive in its activity.
file system monitoring scripts
process monitoring scripts
cpu usage scripts
memory / swap usage scripts