This may be a general Unix question rather than a OS X question.
I want to log general file transfers on OS X, whether it be from and to the same system or to another system, but to keep it simple assume that this is all internal to one computer and file system.
I simply want to be able to execute the mv command several times, then go back through a log file and see what was moved and where it was moved at a later time. The caveat is that I want to also log file transfers initiated the GUI when dragging folders and files into the same log file.
(If it was a directory, it would also show the contents of what was moved in that directory.)
An Example might be these files created and moved in the terminal and in the GUI
1pm: $ vi testfile1.txt
2pm: $ mv testfile1.txt MyMovedFile.txt
2:30pm – GUI file moved ~/myTestFile.txt ~/Documents/myTestFile.txt
3pm: $ mv MyMovedFile.txt MyNewFile.txt
The log would then show the history for me:
2pm: testfile1.txt MyMovedFile.txt
2:30pm ~/myTestFile.txt ~/Documents/myTestFile.txt
3pm: MyMovedFile.txt MyNewFile.txt
If it was really fancy, it may show me the return code of the file transfer also.
Best Answer
Have a look at
iosnoopor possiblyfs_usage. Although what you want isn't easy to accomplish without major filtering, because "file transfers" can be a lot of different things at syscall level:mvon the same mount point will move a filemvacross mount points will create a new file at the destination and unlink the originalBoth above tools rely on DTrace, which is a very powerful tracing framework and can probably be scripted to filter down to most of what you want, but it'll take some work. There are example scripts in
/usr/bin/*.d(e.g./usr/bin/iofile.d) and documentation can be found at Oracle (OS X DTrace is a port of the original Solaris version).