Logging all file opens immediately at systemd boot?

Similar Messages

• Wanted: Simple, Straightforward Logging of File Opens and File Closes Per This Specification -- Is Windows Capable of This?

  What is needed is for Windows to log every attempt to open any file on the system.  The log shall contain a timestamp, name of file, the type of access required
  (read only, write only, read and write, exclusive use, non-exclusive use), and name of the process or service that wants the file open.  Also there must be a record of how the operating system disposed of the request.  If the open is successful,
  say so. If not, say so, and why.  We had this info on the mainframe in 1972.  It would be useful to log file close events, as well.  The close event will disclose what the program did to the file.  For example, did the program write into
  the file?  Did the program read from file?  Did the program truncate the file and write?  Did the program extend the file?  Did the program change the name of the file?   Did the program change any file attributes and, if so,
  which ones?  A file can have multiple streams.  Disclose which streams were affected.
  There is a Security Auditing feature in Windows that doesn't meet this specification.  So that is not the answer.   What is the answer? 
  MARK D ROCKMAN

  I have downloaded Process Monitor and tried it on my lab computer. It certainly is comprehensive in its output. I'm going to try it on the production machines in hope of catching clues as to who does what to whom in the file system that is causing
  3rd party software to reboot the computer. The author of the troublesome program claims he must reboot the computer at the drop of a hat. For example, some file he must open right now is "locked" by some other program, not his program mind you, some
  other program. Okay. So what else is running on the production system that may be doing this? Prove that some other program is doing this.  The fact that we must log all file system activity up to the moment of reboot poses a special issue.  
  Will the Process Monitor log lose any file system events because it cannot properly close the log as the system is being rebooted?  It is interesting the Federal Government is fine with Microsoft delivering an operating system that has no comprehensive
  file access logging capability.  Process Monitor may do it.  But one cannot run that behemoth 24/7/365.  (I hear you saying "Oh.  But we have Security Audits."  A CISSP may be impressed with that one.)
  MARK D ROCKMAN

• CC14, all files open with asterisk in file name.

  CC14, all files open with asterisk in file name, need to save or cancel to close file. Is there a way to change that?

  No. It happens to any InDesign file. I created a new file in CC14, saved, closed, opened and it had the asterisk.
  If it is a time synchronization, how do I correct that?

• After the 13.1 retina update, all files open at 50% zoom

  Hi there,
  I have a 15 MacBook Pro retina display, with an external thunderbolt display.  Since the 13.1 update, all files that I open in Photshop open at 50% zoom.  How can I reset it so they open at 100%?  It's really annoying to have to constantly zoom everything that is opened up.
  Thanks!

  As a work-around to your problem:
  1. Make an action that zooms the window to 100% (Photoshop calls it Actual Pixels)
  2. In Scripts Events Manager assign that action to the File Open event.
  From now on every image will open at 100%
  Ronald

• All Files Opening at 72ppi

  Photoshop 10.0.1
  Power Mac G5
  OSX 10.4.11
  2GB DDR SDRAM Memory
  When I open PSD or TIFF (unsure about other file formats) files previously worked on, saved, and then closed at a specific resolution (example 1" x 1" at 300ppi), they now open at 4.167" x 4.167" 72ppi (a size proportional to the saved 300ppi).
  I have both manually deleted the Preference file, as well as rebuilt the Preference file by holding down the Shift-Control-Option-Command keys, and this still is occurring. Any suggestions to have the files open as they were saved, and not as (the apparently new default) 72ppi?
  Perhaps unrelated, Photoshop is occasionally crashing as well, but I am having a difficult time determining exactly what is the cause of that. I did have additional memory installed recently, and was wondering if that may be "failing" and causing the crashes.
  Any suggestions would be very much appreciated.
  Thank you.
  Jim Lukens-Gable

  Any value for ppi is irrelevant to your work on images inside of Photoshop.
  It's best to learn to think of image width & height solely in terms of absolute pixel values, e.g.: 2400pxW × 3600pxH. Internally, Photoshop calculates the raster aspect of images ONLY in pixels. Conversion to other units of measurement are done on-the-fly, and are displayed only as a convenience to the user, if they have chosen to have them display.
  The only reason you ever really need to consider the implications of a ppi value is when you are determining whether you have the proper resolution for the output you're after when you go to print.
  For the web, the ONLY width/height dimensions that matter are expressed in absolute pixel values.

• Office Mac 11 pptx - not all files opening.  When I do Safe Boot mode, the pptx files open correctly. What does this mean? How do I fix? thanks

  Some pptx files do not open. I found whne I did Safe Boot Mode they did open correctly.  Not sure what to do next?

  See "Validate problematic fonts" here:
  Mac Basics: Font Book

• DefaultFont File Opens in Textedit on Boot?

  Can't figure out why this is happening!  OSX 10.8.2 on a 2008 Macbook Pro.  Reset PRAM, restored ML directly from Apple, ran permissions and disk verification with DU...
  At the end of every boot process, TextEdit opens a file called "DefaultFont-locked" that is:
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  <plist version="1.0">
  <dict>
            <key>FALL_BACK</key>
            <string>en-US</string>
            <key>TABLE_FLAG</key>
            <integer>0x34</integer>
            <key>TABLE_ENTRIES</key>
            <dict>
            </dict>
  </dict>
  </plist>
  Boot process seems to be handling it as a previously open app before shutdown that it is simply restoring. Plist.lockfile? Can't find a file called DefaultFont after unhiding invisible files.  I recently upgraded to a larger HDD and some plist must have gotten corrupted in the file transfer.  I do have a TM backup as well as the original HDD that I replaced.  Any help greatly appreciated!  Thanks.

  You deleted caches, but did you delete the com.apple.iwork.pages.plist found in HD > Users > (your account) > Library > Preferences? This is Pages preference file & would appear to be corrupt.

• Ai file opening by default as PDF and not w/AI CS3/4 on MAC client

  We have recently moved our central file shares of *.*ai files from a windows file server to an EMC Celerra file server CIFS share. After the migration multiple MAC users have reported that some (but not all) *.* ai files on the share open up by default as a PDF file instead of opening up with Adobe Illustrator CS3/4.
  If the user either right clicks - and selects to explicitly open with AI or if mac mouse, control-click and select AI - then the .ai file in question opens properly in CS3 and CS4. However when we double click, the file still opens up in preview as a PDF.
  Is this something we need to change/update on the MAC OS side so that default will be AI? change/update onthe Adobe CS side? Or is this a problem related to the *.*ai files being shared on a EMC Celerra share. Again not all the *.*ai files have this issue - which has created even more questions...
  Any info or suggestions would be deeply appreciated....
  Thank you
  Dave

  I don't know anything about the EMC Cellera share, but I would say that this is a change on the OS side. Apple likes to think that Preview is the natural tool for viewing any PDF content, so Preview is now the default PDF viewer on Mac. You'll need to go to each of the Macs, do a Get Info and set Open With: Illustrator and Change All.
  The reason this is happening on some of the .ai files and not others is that some of them do not contain PDF content (they were saved with PDF Compatibility unchecked.) To make sure that all files open with Illustrator do the Change All step on at least on file that does not have PDF content as well as one that does.
  When Apple made this change in the OS, we asked them, for a way to set the default app programatically so that we could do it as part of the install process, but that didn't happen.

• Office Files Opening Slowly Over The Network

  We have a Windows Server 2012 Standard hosting files.  When opening only Microsoft Office documents, the files will open really slowly.  We are using a blend of Office 2k7 and 2k13.  Each document when opened shows it being downloaded and
  in 30 seconds it will open.  This is happening on computers connected to a GB switch and a standard 10/100 switch.  PDF files that are much larger or image files open immediately.  Browsing is responsive.  Only opening documents either 
  with office open or by browsing to the file, the document opens slowly.

  Glad to see you have your problem resolved. And thanks for sharing the workaround here, this should be helpful to other users who encounter the same problem.
  Thanks,
  Ethan Hua CHN
  TechNet Community Support

• QT 7.2 crash on file open

  I've been trying to view video files off my digital camera today and they do not work. Opining any video file created by that camera causes an immediate crash of quick time player, trying to open in safari causes safari to crash and trying to 'get info' on the file causes the finder to relaunch
  this is on a
  Powermac dual G5
  OS 10.4.10
  QT 7.2
  Camera is a Canon powershot S410
  all files open and work fine on my powerbook G4 with OS 10.4.10 and QT 7.1.5

  The Safari and Finder issues are probably also related to third party codecs you've installed.
  Perian removes the need for those codecs but does not remove them from your machine.
  Rummage through your HD/Library/Internet Plug-Ins folder and remove any with an X in their name.
  Look, too, in your User/HD/Library/QuickTime folder for them.
  Quit and relaunch any open browser and QuickTime and test again.

• How to Fix This? Files open by default at smallest percentage

  Never had this issue in previous versions of Photoshop. Just upgraded to CS6 and played with a few of the Preferences.
  For some reason, all files open at the smallest percentage possible (as small as <1%). Anyone know how to set a default open size, or if I managed to check a box that made this happen? It's really annoying to zoom in on every document that I open.
  - Tim

  No doubt you're on a Mac and have sized the bottom of the application Frame up as high as it will go, to try to emulate the way it looked in the last version you had.
  Try making the window tall again, then eliminating the Application Frame the proper way, by choosing Windows - Application Frame (i.e., uncheck it).
  That should fix it for you.
  -Noel

• MS word keeps crashing on my macbook air. it tries to recover all files when I try to open it then immediately crashes or freezes. It's ms word 2011 and I'm running OS X 10.7.5

  MS word keeps crashing on my macbook air. it tries to recover all files when I try to open it then immediately crashes or freezes. It's ms word 2011 and I'm running OS X 10.7.5

  I am having the same problem. When I save a document in word, particularly with track changes and comments, it freezes and crashes. I fould this forum as I was reading help posted in a previous forum and the "helping" comments were saying this must be a problem on the user end - but that can't be right as so many people are posting this problem. Its clearly an incompatibility between the software from two competing companies. Figure it out Apple!

• I have an iMac. , mid 2007.  Frequently, when I take an action, the little color wheel starts spinning and goes on for quite awhile.  Save a file, close a file, open a file, open a window, it's all random.  Somtimes it stalls, sometimes it doesn't.  Why?

  I have an iMac. , mid 2007.  Frequently, when I take an action, the little color wheel starts spinning and goes on for quite awhile.  Save a file, close a file, open a file, open a window, it's all random.  Somtimes it stalls, sometimes it doesn't.  Sometimes long, sometims short.  Why is this happening?

  Consider adding more memory. Be sure you have adequate free space on the hard drive - 15 GBs or 10% of the drive's capacity, whichever is greater. Do not run too many applications concurrently. Visit The XLab FAQs and read the FAQ on resolving the SBBOD.
  Do some maintenance:
  Repair the Hard Drive and Permissions
  Boot from your Leopard Installer disc. After the installer loads select your language and click on the Continue button. When the menu bar appears select Disk Utility from the Utilities menu. After DU loads select your hard drive entry (mfgr.'s ID and drive size) from the the left side list.  In the DU status area you will see an entry for the S.M.A.R.T. status of the hard drive.  If it does not say "Verified" then the hard drive is failing or failed. (SMART status is not reported on external Firewire or USB drives.) If the drive is "Verified" then select your OS X volume from the list on the left (sub-entry below the drive entry,) click on the First Aid tab, then click on the Repair Disk button. If DU reports any errors that have been fixed, then re-run Repair Disk until no errors are reported. If no errors are reported click on the Repair Permissions button. Wait until the operation completes, then quit DU and return to the installer.
  If DU reports errors it cannot fix, then you will need Disk Warrior and/or Tech Tool Pro to repair the drive. If you don't have either of them or if neither of them can fix the drive, then you will need to reformat the drive and reinstall OS X.
  Kappy's Personal Suggestions for OS X Maintenance
  For disk repairs use Disk Utility.  For situations DU cannot handle the best third-party utilities are: Disk Warrior;  DW only fixes problems with the disk directory, but most disk problems are caused by directory corruption; Disk Warrior 4.x is now Intel Mac compatible. Drive Genius provides additional tools not found in Disk Warrior.  Versions 1.5.1 and later are Intel Mac compatible.
  OS X performs certain maintenance functions that are scheduled to occur on a daily, weekly, or monthly period. The maintenance scripts run in the early AM only if the computer is turned on 24/7 (no sleep.) If this isn't the case, then an excellent solution is to download and install a shareware utility such as Macaroni, JAW PseudoAnacron, or Anacron that will automate the maintenance activity regardless of whether the computer is turned off or asleep.  Dependence upon third-party utilities to run the periodic maintenance scripts was significantly reduced since Tiger.  These utilities have limited or no functionality with Snow Leopard or Lion and should not be installed.
  OS X automatically defragments files less than 20 MBs in size, so unless you have a disk full of very large files there's little need for defragmenting the hard drive. As for virus protection there are few if any such animals affecting OS X. You can protect the computer easily using the freeware Open Source virus protection software ClamXAV. Personally I would avoid most commercial anti-virus software because of their potential for causing problems. For more about malware see Macintosh Virus Guide.
  I would also recommend downloading a utility such as TinkerTool System, OnyX 2.4.3, or Cocktail 5.1.1 that you can use for periodic maintenance such as removing old log files and archives, clearing caches, etc.
  For emergency repairs install the freeware utility Applejack.  If you cannot start up in OS X, you may be able to start in single-user mode from which you can run Applejack to do a whole set of repair and maintenance routines from the command line.  Note that AppleJack 1.5 is required for Leopard. AppleJack 1.6 is compatible with Snow Leopard. There is no confirmation that this version also works with Lion.
  When you install any new system software or updates be sure to repair the hard drive and permissions beforehand. I also recommend booting into safe mode before doing system software updates.
  Get an external Firewire drive at least equal in size to the internal hard drive and make (and maintain) a bootable clone/backup. You can make a bootable clone using the Restore option of Disk Utility. You can also make and maintain clones with good backup software. My personal recommendations are (order is not significant):
  Carbon Copy Cloner
  Data Backup
  Deja Vu
  SuperDuper!
  SyncTwoFolders
  Synk Pro
  Synk Standard
  Tri-Backup
  Visit The XLab FAQs and read the FAQs on maintenance, optimization, virus protection, and backup and restore.
  Additional suggestions will be found in Mac Maintenance Quick Assist.
  Referenced software can be found at CNet Downloads or MacUpdate.
  Be sure you have an adequate amount of RAM installed for the number of applications you run concurrently. Be sure you leave a minimum of 10% of the hard drive's capacity as free space.

• My iMac all of the sudden started going in and out of the dashboard, then started changing all files on the desktop to 2's. It also did this when having another window open. Do I have a virus?

  My iMac all of the sudden started going in and out of the dashboard, then started changing all files on the desktop to 2's. It also did this when having another window open. Do I have a virus?

  There are no viruses that can affect Apple OS X.
  What files do you keep on the Desktop? How many?
  Performance tip: Keep the Desktop clutter-free (empty, if possible)
  Mac OS X's Desktop is the de facto location for downloaded files, and for many users, in-progress works that will either be organized later or deleted altogether. The desktop can also be gluttonous, however, becoming a catch-all for files that linger indefinitely.
  Unfortunately - aside from the effect of disarray it creates - keeping dozens or hundreds of files on the Desktop can significantly degrade performance. Not necessarily because the system is sluggish with regard to rendering the icons on the desktop and storing them in memory persistently (which may be true in some cases), but more likely because keeping an excessive number of items on the Desktop can cause the windowserver process to generate reams of logfiles, which obviously draws resources away from other system tasks. Each of your icons on your desktop is stored as a window in the window server, not as an alias. The more you have stored, the more strain it puts on the window server. Check your desktop for unnecessary icons and clear them out.
  Keeping as few items as possible on the Desktop can prove a surprisingly effective performance boon. Even creating a single folder on your Desktop and placing all current and future clutter inside, then logging out and back in can provide an immediately noticeable speed boost, particularly for the Finder.
  And it is why Apple invented 'Stacks' for Leopard.
  Here is Apple's take on the subject:
  http://www.apple.com/pro/tips/immaculate_desktop.html

• [SOLVED]Couldn't open file for 'Log debug file /var/log/tor/debug.log'

  Hello,
  I'm trying to run a tor relay on my arch linux box. Trying to launch the tor daemon, here's the log via
  $ systemctl status tor.service
  May 20 11:53:10 arch tor[21726]: May 20 11:53:10.877 [notice] Tor v0.2.4.21 (git-505962724c05445f) running on Linux with Libevent 2.0.21-stable and OpenSSL 1.0.1g.
  May 20 11:53:10 arch tor[21726]: May 20 11:53:10.877 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
  May 20 11:53:10 arch tor[21726]: May 20 11:53:10.877 [notice] Read configuration file "/etc/tor/torrc".
  May 20 11:53:10 arch tor[21726]: May 20 11:53:10.909 [notice] Opening Socks listener on 127.0.0.1:9050
  May 20 11:53:10 arch tor[21726]: May 20 11:53:10.909 [notice] Opening OR listener on 0.0.0.0:9798
  May 20 11:53:10 arch tor[21726]: May 20 11:53:10.000 [warn] Couldn't open file for 'Log debug file /var/log/tor/debug.log': Permission denied
  May 20 11:53:10 arch tor[21726]: May 20 11:53:10.000 [notice] Closing partially-constructed Socks listener on 127.0.0.1:9050
  May 20 11:53:10 arch tor[21726]: May 20 11:53:10.000 [notice] Closing partially-constructed OR listener on 0.0.0.0:9798
  May 20 11:53:10 arch tor[21726]: May 20 11:53:10.000 [warn] Failed to parse/validate config: Failed to init Log options. See logs for details.
  May 20 11:53:10 arch tor[21726]: May 20 11:53:10.000 [err] Reading config failed--see warnings above.
  May 20 11:53:10 arch systemd[1]: tor.service: main process exited, code=exited, status=255/n/a
  May 20 11:53:10 arch systemd[1]: Unit tor.service entered failed state.
  Why the tor daemon cannot write into /var/log/tor/debug.log ?
  Here's my /etc/group
  root:x:0:root
  bin:x:1:root,bin,daemon
  daemon:x:2:root,bin,daemon
  sys:x:3:root,bin
  adm:x:4:root,daemon,nue
  tty:x:5:
  disk:x:6:root
  lp:x:7:daemon
  mem:x:8:
  kmem:x:9:
  wheel:x:10:root,nue
  ftp:x:11:
  mail:x:12:
  uucp:x:14:
  log:x:19:root
  utmp:x:20:
  locate:x:21:
  rfkill:x:24:
  smmsp:x:25:
  http:x:33:
  games:x:50:
  lock:x:54:
  uuidd:x:68:
  dbus:x:81:
  network:x:90:
  video:x:91:
  audio:x:92:
  optical:x:93:
  floppy:x:94:
  storage:x:95:
  scanner:x:96:
  power:x:98:
  nobody:x:99:
  users:x:100:
  systemd-journal:x:190:
  nue:x:1000:
  avahi:x:84:
  lxdm:x:121:
  polkitd:x:102:
  git:x:999:
  transmission:x:169:
  vboxusers:x:108:
  tor:x:43:
  mysql:x:89:
  Last edited by giuscri (2014-05-20 12:18:56)

  SidK wrote:You must have modified your torrc to print to that log file. systemd starts the service as the tor user (see /usr/lib/systemd/system/tor.service). So if if you want to log to a file the tor user must have write access to it. By default however tor it set to log to the journal, which doesn't require any special permissions.
  Yes. I did edit the torrc file since I wanted the log to be store in that file. Indeed
  ## Logs go to stdout at level "notice" unless redirected by something
  ## else, like one of the below lines. You can have as many Log lines as
  ## you want.
  ## We advise using "notice" in most cases, since anything more verbose
  ## may provide sensitive information to an attacker who obtains the logs.
  ## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
  #Log notice file /var/log/tor/notices.log
  ## Send every possible message to /var/log/tor/debug.log
  Log debug file /var/log/tor/debug.log
  ## Use the system log instead of Tor's logfiles
  Log notice syslog
  ## To send all messages to stderr:
  #Log debug stderr
  I missed the file systemd uses to choose who's the process owner.
  Course, I could edit /usr/lib/systemd/system/tor.service such that root will become the process owner; or, I could add the user I use everyday in the root group, then change the permission of /var/log/tor/debug.log such that it will be writable also for the folks in the root group.
  Yet they both seems to be a bit unsafe ...
  What is the best choice, to you guys?
  Thanks,