Page 1 of 1

filemon updated

PostPosted: Mon Jun 06, 2016 5:12 pm
by morpheus
Major update now allows for filtering (not just through grep), and for automatic action taking: --stop a process on file creation, and --link to create a hard link to a file as it is created (saving it from removal!)

q.v. http://NewOSXBook.com/tools/filemon.html

Re: filemon updated

PostPosted: Tue Aug 09, 2016 5:44 pm
by darkknight
Playing with the latest version and noticed the following
Code: Select all
Ironman:~ root# filemon -h
Usage: filemon [options]
Where [options] are optional, and may be any of:
   -p|--proc  pid/procname:  filter only this process or PID
   -f|--file  string[,string]:        filter only paths containing this string (/ will catch everything)
   -e|--event event[,event]: filter only these events
   -s|--stop:                auto-stop the process generating event
   -l|--link:                auto-create a hard link to file (prevents deletion by program :-)
   -c|--color (or set JCOLOR=1 first)
   [b]This is J's filemon, compiled on Jul 21 2016[/b]
Ironman:~ root#


So running without options seems fine
Code: Select all
 977 AudioAddictiOSDI   Changed xattr  /private/var/mobile/Containers/Data/Application/C63C90DA-66B4-4CC8-BE39-84A7F653813E/Library/Application Support/FlurryFiles   
  977 AudioAddictiOSDI   Changed xattr  /private/var/mobile/Containers/Data/Application/C63C90DA-66B4-4CC8-BE39-84A7F653813E/Library/Application Support/FlurryFiles/.flurryPropertiesData-1379506788_162.archive   
  977 AudioAddictiOSDI   Changed xattr  /private/var/mobile/Containers/Data/Application/C63C90DA-66B4-4CC8-BE39-84A7F653813E/Library/Application Support/FlurryFiles   
  977 AudioAddictiOSDI   Changed xattr  /private/var/mobile/Containers/Data/Application/C63C90DA-66B4-4CC8-BE39-84A7F653813E/Library/Application Support/FlurryFiles/.flurryCkData-1379506788_162.archive   
  977 AudioAddictiOSDI   Changed xattr  /private/var/mobile/Containers/Data/Application/C63C90DA-66B4-4CC8-BE39-84A7F653813E/Library/Application Support/FlurryFiles   
  977 AudioAddictiOSDI   Changed xattr  /private/var/mobile/Containers/Data/Application/C63C90DA-66B4-4CC8-BE39-84A7F653813E/Library/Application Support/FlurryFiles/.flurryPersistentUrlsData-1379506788_162.archive   
  977 AudioAddictiOSDI   Changed xattr  /private/var/mobile/Containers/Data/Application/C63C90DA-66B4-4CC8-BE39-84A7F653813E/Library/Application Support/FlurryFiles   
  977 AudioAddictiOSDI   Changed xattr  /private/var/mobile/Containers/Data/Application/C63C90DA-66B4-4CC8-BE39-84A7F653813E/Library/Application Support/FlurryFiles/.flurryPersistenPulseUrlsData-1379506788_162.archive   
  977 AudioAddictiOSDI   Changed xattr  /private/var/mobile/Containers/Data/Application/C63C90DA-66B4-4CC8-BE39-84A7F653813E/Library/Application Support/FlurryFiles   
  977 AudioAddictiOSDI   Changed xattr  /private/var/mobile/Containers/Data/Application/C63C90DA-66B4-4CC8-BE39-84A7F653813E/Library/Application Support/FlurryFiles/.flurryPersistenPulsePrepUrlsData-1379506788_162.archive   
  977 AudioAddictiOSDI   Changed stat   /private/var/mobile/Containers/Data/Application/C63C90DA-66B4-4CC8-BE39-84A7F653813E/Library/Application Support/AudioAddict-di/BlobCache/userblobs.db-shm


But running with either -p/--proc just returns
Code: Select all
Ironman:~ root# filemon --proc /var/mobile/Containers/Bundle/Application/CF8F84A5-6774-4CDE-A588-DC08EC867A3B/AudioAddictiOSDI.app/AudioAddictiOSDI
Some events dropped
*** Warning: Some events may be lost

Re: filemon updated

PostPosted: Thu Aug 11, 2016 5:11 pm
by darkknight
No love J ? :)