Reputation: 45
How to monitor file open and file read events in OSX
I have researched on File System Events and Kernel Queues to identify how to monitor events. Unfortunately, these allow notifications only upon modifications, renames or delete events (events that update the state). I need to get a callback upon file open or file read events (for the current user). I understand that the events for files that do not have appropriate permissions will not be accessible.
Any pointers will be helpful.
NOTE: DTrace is out of question as System Integrity Protection disables DTrace and I do not have the option of disabling System Integrity Protection
Upvotes: 3
Views: 1889
Answers (1)
Reputation: 19602
In macOS >=10.11
In macOS >= 11, you can use a Endpoint Security System Extension. See Apple Docs and the "AUTH" version of the "Monitoring System Events with Endpoint Security" Apple sample code.
In macOS 10.4-10.10
In macOS 10.4-10.10 use a Kernel Extension using Kernel Authorization. See archived Apple docs and this Apple sample code.
Upvotes: 1
Related Questions
- How do you update Xcode on OSX to the latest version?
- How to open Visual Studio Code from the command line on OSX?
- How do I install Java on Mac OSX allowing version switching?
- How to avoid "cannot load such file -- utils/popen" from homebrew on OSX
- How can I open the Atom editor from the command line in OS X?
- DTrace objc : invalid probe specifier : "$1 is not referenced"
- FSEventStream: What does the kFSEventStreamCreateFlagIgnoreSelf flag do?
- How can I get notifications that a file is being read on OS X?