Hoping you might have some thoughts on if its possible to track the relationships between files?
Eg convert a.jpg b.jpg.
I would like to know that b.jpg was created from a.jpg.
Wondering if there is some magic on the backend that would allow you to see the connection between that read and write?
I doubt it, at least not exactly - we would need to know how convert works - that it actually takes the contents of one file and creates another based on it (and which is which). This would be different for each command / program.
What you could do would be to track file accesses using the auditd module - though that would not track the relationship.
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.