file_events

Track time/action changes to files specified in configuration data.

Platform support

Some queries can only be run against certain platforms. The platforms that support this query are listed below. Zercurity will automatically pause queries from running if errors are detected. Running a query against an unsupported platform will result in the following error: no such table: file_events

  • Linux
  • Mac OSX

Table schema

Name            Type     Description
target_path     TEXT     The path associated with the event
category        TEXT     The category of the file defined in the config
action          TEXT     Change action (UPDATE, REMOVE, etc)
transaction_id  BIGINT   ID used during bulk update
inode           BIGINT   Filesystem inode number
uid             BIGINT   Owning user ID
gid             BIGINT   Owning group ID
mode            TEXT     Permission bits
size            BIGINT   Size of file in bytes
atime           BIGINT   Last access time
mtime           BIGINT   Last modification time
ctime           BIGINT   Last status change time
md5             TEXT     The MD5 of the file after change
sha1            TEXT     The SHA1 of the file after change
sha256          TEXT     The SHA256 of the file after change
hashed          INTEGER  1 if the file was hashed, 0 if not, -1 if hashing failed
time            BIGINT   Time of file event
eid             TEXT     Event ID

Query examples

Select all the results for the given table.

SELECT * FROM file_events;
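
A narrower triage query built on the schema above, added here as an example and not part of the original page. It assumes the time column holds Unix epoch seconds and that the SQLite date functions (strftime, datetime) are available to the query engine.

```sql
-- Added example: file events from the last 24 hours, newest first.
-- Assumption: "time" is Unix epoch seconds.
SELECT
  datetime(time, 'unixepoch') AS event_time_utc,
  category,
  action,
  target_path,
  uid,
  gid,
  mode,
  size,
  -- "hashed" is 1 (hashed), 0 (not hashed) or -1 (hashing failed),
  -- so only report the digest when it is actually valid.
  CASE hashed
    WHEN 1 THEN sha256
    WHEN 0 THEN '(not hashed)'
    ELSE '(hashing failed)'
  END AS sha256_or_status
FROM file_events
WHERE time >= CAST(strftime('%s', 'now') AS INTEGER) - 86400
ORDER BY time DESC;

-- Added example: per-category summary, to spot noisy categories and
-- paths where hashing is failing.
SELECT
  category,
  action,
  COUNT(*) AS events,
  COUNT(DISTINCT target_path) AS distinct_paths,
  SUM(CASE WHEN hashed = -1 THEN 1 ELSE 0 END) AS hash_failures,
  datetime(MAX(time), 'unixepoch') AS last_event_utc
FROM file_events
GROUP BY category, action
ORDER BY events DESC;
```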