WANTED: logging of all file operations on Windows

faulkner faulkner612 at comcast.net
Sun Jul 9 12:01:55 EDT 2006 

you want a directory watching daemon. it isn't hard at all to build
from scratch.
first, determine which directories should be watched.
then, os.walk each directory, building a mapping from filename to mtime
[modified time; os.path.getmtime].
next is your main event loop. this while loop consists of os.walk-ing
each directory again, comparing the current mtime to the corresponding
entry in the mapping. if they differ, or if a filename isn't in the
mapping, something happened, at which point you can logick out whether
a file was moved, deleted, changed, or created.

so many folks have looked for this that i'll just write a generic one
and put it in the cheeseshop. look for "dirmon" in about a week.


Claudio Grondi wrote:
> I am aware, that it is maybe the wrong group to ask this question, but
> as I would like to know the history of past file operations from within
> a Python script I see a chance, that someone in this group was into it
> already and is so kind to share here his experience.
>
> I have put already much efforts into this subject googling around, but
> up to now in vain. Best option I encountered yet is usage of
> the Greyware 'System Change Log' service which monitors disks for
> changes (http://www.greyware.com/software/systemchangelog/index.asp),
> but in own tests it turned out, that the created log file does not cover
> all file events as e.g. it is not possible to detect when a file is
> moved to a new directory (creation of a new file is logged, but deletion
> is not, not mentioning I would expect a file 'move' event).
> The own Windows logging service rejected to start on my XP SP2 system
> for unknown to me reasons - I don't know how to get it to work (yes, I
> have used the administrator account).
>
> I can't believe, that using NTFS file system in Microsoft Windows 2000
> or XP it is not possible to track file events as:
>
> - updating/modifying of an existing file/directory
> - deleting an existing file/directory
> - creating a new file/directory
> - _moving_ an existing file/directory (should _NOT_ be covered by the
> event duo of  deleting an existing and creating a new file/directory)
> 
> Any hints towards enlightenment?
> 
> Claudio Grondi

More information about the Python-list mailing list