Jamf Nation, hosted by Jamf, is a knowledgeable community of Apple-focused admins and Jamf users. Join us in person at the ninth annual Jamf Nation User Conference (JNUC) this November for three days of learning, laughter and IT love.

Alternative to fseventer for Yosemite?

I used to use the awesome tool fseventer prior to the Yosemite release and was wondering if there were any alternatives to this utility that work under 10.10?

I am aware of the OS X native iosnoop and while it can be of assistance in a pinch, it isn't very easy to parse out the info I am looking for. In some cases I have resorted to using a Composer pre and post snapshot to look for diffs, but I prefer the ability for a real-time solution.

Any other tools/solutions out there I may be missing?

SOLVED Posted: by mikebetzel

OK, now this makes sense, FSEventer hasn't been giving me great data in Yosemite.

SOLVED Posted: by matt4836

You want to use opensnoop from the command line. I have been using that instead of fseventer for a while. You can do things like

sudo opensnoop | grep "cfprefs"

Or run it–do things–press Control-C and manually parse, that is what I normally do.

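For the "run it, do things, press Control-C and manually parse" workflow in the post above, here is an added example (not part of the original thread) that summarizes a saved opensnoop capture by path. It assumes opensnoop's default column layout (UID PID COMM FD PATH); the sample lines are constructed, and the names `parse` and `summarize` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in opensnoop's default layout; an FD of -1 is a failed open.
SAMPLE = """\
  UID    PID COMM          FD PATH
  501    312 cfprefsd       5 /Users/admin/Library/Preferences/com.apple.dock.plist
  501    312 cfprefsd      -1 /Library/Managed Preferences/admin/com.apple.dock.plist
    0    845 installd       7 /Library/LaunchDaemons/com.example.agent.plist
  501    977 Google Chrome  12 /Users/admin/Library/Application Support/Google/Chrome/Local State
    0    845 installd       8 /Library/LaunchDaemons/com.example.agent.plist
"""

# COMM and PATH can both contain spaces, so anchor on the numeric UID, PID and FD.
LINE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(.+?)\s+(-?\d+)\s+(\S.*)$")

def parse(text):
    """Yield one dict per open() event; the header and dtrace noise are skipped."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            uid, pid, comm, fd, path = m.groups()
            yield {"uid": int(uid), "pid": int(pid), "comm": comm,
                   "ok": int(fd) >= 0, "path": path}

def summarize(events, prefix="/"):
    """Map each path under prefix to the processes that opened it and the counts."""
    out = defaultdict(lambda: {"procs": set(), "ok": 0, "failed": 0})
    for e in events:
        if e["path"].startswith(prefix):
            row = out[e["path"]]
            row["procs"].add(e["comm"])
            row["ok" if e["ok"] else "failed"] += 1
    return dict(out)

if __name__ == "__main__":
    # Show what touched /Library during the capture, most-opened paths first.
    report = summarize(parse(SAMPLE), prefix="/Library/")
    for path, row in sorted(report.items(), key=lambda kv: -kv[1]["ok"]):
        print(f'{row["ok"]:3d} ok {row["failed"]:3d} failed  '
              f'{",".join(sorted(row["procs"]))}  {path}')
```
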
SOLVED Posted: by FritzsCorner

@matt4836

Appreciate the feedback. I was hoping for some sort of graphical representation or logging of what was going on to easily identify what I am looking for (when I don't know exactly what I am looking for). So pretty much something like fseventer. I did find that I could load my iosnoop output into Splunk to help parse the data a bit easier, but not exactly a real-time solution.

While looking into various options I discovered that there are a ton of pre-loaded dtrace scripts in OS X. Just do "man -k dtrace" in Terminal to list them all out. I am sure most people already knew about this but thought I would pass it along in case anyone else finds it useful.

SOLVED Posted: by Fveja

I'm accustomed to using fs_usage(1). Similar to iosnoop(1m).

-Florin

SOLVED Posted: by bentoms

Composer's "Monitor File System Changes"

It leverages FSEvents

SOLVED Posted: by mdtkeiser

FSMonitor is an app with similar functionality to fseventer. It isn't free, however.

http://fsmonitor.com

(full disclosure: I'm the developer).

SOLVED Posted: by warrenmcall

Thanks mdtkeiser. I was looking for something like this app.

SOLVED Posted: by Lri

To just find files that have been modified recently, you can use mdfind:

mdfind 'kMDItemFSContentChangeDate>$time.now(-300)'

mdimport -A lists the names of other metadata attributes.

kMDItemContentModificationDate is taken from EXIF data for files that have EXIF data. I didn't have many files with kMDItemUserModifiedDate within the last year, but they were files I had opened with TextEdit, Script Editor, or Skim.
