5

Monitor file changes showing file contents changed

view full story
linux-howto

http://serverfault.com – My question is similar to Find out which process is changing a file , but i need something more. inotify only tells about few events on a file, Auditd also just gives us pid which did something to file. but i need to know more details about the changes, like what did the process actually did to file, for example the contents of the file added or removed, if new file added then who added that file, if permissions were changed then by whom, and what were before/after permissions etc. in short, is there any Alternative to inofity anf AuditD? I am using OSSEC for this purpose as well, but need to (HowTos)