File system monitoring on Mac OS X

Well, do you envy the SysInternal tools for MS Windows?
Although they don’t catch up with their 64bit Windows quite quickly, they are still good. Especially when you are tracking viruses or some tools others created, it is quite handy for figuring out what are being changed.

On Mac OS X, there is a mechanism called fsevent. However, it was recommended not to be used much, because it will impact performance a lot. ( However, the spotlight depends on such functionality a lot. )
yeah.. why not. But we need a such file system monitoring tool.

Many file system monitoring tool like FSSpy were not available anymore, but Leopard was shipped with “opensnoop”, which is a part of DTrace. (Thanks, Sun Microsystems! )

Just try this :

sudo opensnoop

You may want to save it to the live log to a file :

sudo opensnoop > file_system_tracing.txt

Articles on OpenSnoop are here :

• Hidden Gems in Leopard : OpenSnoop
• Monitor Mac OS X Filesystem Usage & Access with opensnoop
• opensnoop (Mac file open watcher ) : This shows list of features provided by DTrace

And this is a file system change logger written by Amit Singh

• fslogger

Amit Singh doesn’t provide any source codes usually. ( He is a head of some team at Google, right? Are those materials on his web site related to intellectual property of Google? )

P.S. These 3 people are the inventors of DTrace.
http://www.flickr.com/photos/scobleizer/566408503/

DTrace documents are here :

• DTrace User Guide
• The Power of Solaris Dynamic Tracing (DTrace)