file_events
Track time/action changes to files specified in configuration data.
Platform support
Some queries can only be run against certain platforms. The platforms supported by this query are listed below. Zercurity will automatically pause a query if errors are detected. Running a query against an unsupported platform will result in the following error: no such table: file_events
- Linux
- Mac OSX
Table schema
Name | Type | Description |
---|---|---|
target_path | TEXT | The path associated with the event |
category | TEXT | The category of the file defined in the config |
action | TEXT | Change action (UPDATE, REMOVE, etc) |
transaction_id | BIGINT | ID used during bulk update |
inode | BIGINT | Filesystem inode number |
uid | BIGINT | Owning user ID |
gid | BIGINT | Owning group ID |
mode | TEXT | Permission bits |
size | BIGINT | Size of file in bytes |
atime | BIGINT | Last access time |
mtime | BIGINT | Last modification time |
ctime | BIGINT | Last status change time |
md5 | TEXT | The MD5 of the file after change |
sha1 | TEXT | The SHA1 of the file after change |
sha256 | TEXT | The SHA256 of the file after change |
hashed | INTEGER | 1 if the file was hashed, 0 if not, -1 if hashing failed |
time | BIGINT | Time of file event |
eid | TEXT | Event ID |
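
The following is an added example, not part of the Zercurity documentation. It shows a triage query over file_events that only trusts the sha256 column when hashed is 1 and reports the hashed states 0 and -1 explicitly. The table is emulated in an in-memory SQLite database using the schema above; the category names, paths, timestamps and hash values are constructed sample data, and the function names are hypothetical.

```python
import sqlite3

# Columns and types copied from the table schema above.
SCHEMA = """CREATE TABLE file_events (
  target_path TEXT, category TEXT, action TEXT, transaction_id BIGINT,
  inode BIGINT, uid BIGINT, gid BIGINT, mode TEXT, size BIGINT,
  atime BIGINT, mtime BIGINT, ctime BIGINT, md5 TEXT, sha1 TEXT,
  sha256 TEXT, hashed INTEGER, time BIGINT, eid TEXT)"""

# Triage query: events for one category since a given time. The sha256 value
# is only reported when hashed = 1; otherwise the reason is shown instead.
TRIAGE = """
SELECT target_path, action, time,
       CASE hashed WHEN 1 THEN sha256
                   WHEN 0 THEN 'not hashed'
                   WHEN -1 THEN 'hash failed'
                   ELSE 'unknown' END AS sha256_or_status
FROM file_events
WHERE category = ? AND time >= ?
ORDER BY time, eid"""

# Constructed sample events: paths, categories, times and hashes are made up.
# Fields: target_path, category, action, hashed, sha256, time, eid
SAMPLE = [
    ("/etc/passwd", "etc", "UPDATE", 1, "a" * 64, 1700000100, "0000000001"),
    ("/etc/shadow", "etc", "UPDATE", -1, "", 1700000200, "0000000002"),
    ("/etc/tmpfile", "etc", "REMOVE", 0, "", 1700000300, "0000000003"),
    ("/home/u/.bashrc", "homes", "UPDATE", 1, "b" * 64, 1700000150, "0000000004"),
    ("/etc/hosts", "etc", "UPDATE", 1, "c" * 64, 1699999000, "0000000005"),
]

def load_sample(conn):
    """Create the emulated table and insert the constructed rows."""
    conn.execute(SCHEMA)
    conn.executemany(
        "INSERT INTO file_events (target_path, category, action, hashed,"
        " sha256, time, eid) VALUES (?, ?, ?, ?, ?, ?, ?)", SAMPLE)

def triage(conn, category, since):
    """Return (target_path, action, time, sha256_or_status) rows."""
    return conn.execute(TRIAGE, (category, since)).fetchall()

def demo():
    conn = sqlite3.connect(":memory:")
    load_sample(conn)
    return triage(conn, "etc", 1700000000)

if __name__ == "__main__":
    for row in demo():
        print(row)
```

When running the query directly against the real table, replace the two `?` placeholders with a literal category name from your configuration and a Unix timestamp.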