Snoop is a GNU/Linux file descriptor monitoring tool inspired by FreeBSD's 'watch'. It goes beyond simple TTY snooping by allowing the interception of any file descriptor. You can attach on the fly to regular files, TTYs, named pipes, character devices, and pretty much anything that is represented by a file descriptor and addressable in the standard name space.
Tags: Security, Monitoring, Logging, Systems Administration, Terminals, Utilities
Operating Systems: POSIX, Linux
Release Notes: Updated to work with recent kernels.
Release Notes: This release addresses the compatibility issues with recent kernels. It also extends the monitoring capabilities to parent directories in order to intercept creation events and attach targets on the fly.
Release Notes: This version introduces the ability to attach to virtually any type of file descriptor (regular files, sockets, pipes, etc.) using the /proc/[pid]/fd/[fd#] file name format.
Release Notes: This release introduces inotify-based file monitoring, which allows automatic (re)attaching. It also features an improved kernel compatibility layer.
Release Notes: This release introduces some usability improvements and fixes a potentially serious bug. The program now supports attaching to the same FD multiple times (reentrant hooks), tracking changes to the underlying file operations, and reporting the number of attached FDs through the userspace utility.