Alternative to fseventer for Yosemite?

FritzsCorner
Contributor III

I used to use the awesome tool fseventer prior to the Yosemite release and was wondering if there were any alternatives to this utility that work under 10.10?

I am aware of the OS X native iosnoop and while it can be of assistance in a pinch, it isn't very easy to parse out the info I am looking for. In some cases I have resorted to using a composer pre and post snapshot to look for diff's but I prefer the ability for a real time solution.

Any other tools/solutions out there I may be missing?

8 REPLIES 8

mikebetzel
New Contributor

OK, now this makes sense, FSEventer hasnt been giving me great data in Yosemite.

matt4836
Contributor II

You want to use opensnoop from the command line. I have been using that instead of fseventer for awhile. You can do things like

sudo opensnoop | grep "cfprefs"

Or run it–do things–press Control-C and manually parse, that is what I normally do.

FritzsCorner
Contributor III

@matt4836

Appreciate the feedback. I was hoping for a some sort of graphical representation or logging of what was going on to easily identify what I am looking for (when I don't know exactly what I am looking for) So pretty much something like fseventer. I did find that I could load my iosnoop output into Splunk to help parse the data a bit easier, but not exactly a real-time solution.

While looking into various options I discovered that there are a ton of pre-loaded dtrace scripts in OS X. Just do "man -k dtrace" in terminal to list them all out. I am sure most people already knew about this but thought I would pass it along in case anyone else find's it useful.

19dbe64904ba477e931154ae7ce1eb1b

Fveja
New Contributor III

I'm accustomed to using fs_usage(1). Similar iosnoop(1m).

-Florin

bentoms
Release Candidate Programs Tester

Composers "Monitor File System Changes"

It leverages FSEvents

mdtkeiser
New Contributor

FSMonitor is an app with similar functionality to fseventer. It isn't free however.

http://fsmonitor.com

(full disclosure: I'm the developer).

6ef6ee0e11034f8babd05d53805d5c9a

warrenmcall
New Contributor III

Thanks mdtkeiser. I was looking for something like this app.

Lri
New Contributor

To just find files that have been modified recently, you can use mdfind:

mdfind 'kMDItemFSContentChangeDate>$time.now(-300)'

mdimport -A lists the names of other metadata attributes.

kMDItemContentModificationDate is taken from EXIF data for files that have EXIF data. I didn't have many files with kMDItemUserModifiedDate within the last year, but they were files I had opened with TextEdit, Script Editor, or Skim.