Borrowing a concept from IDS


DelJo63

IDS: Intrusion Detection System.

Here's a concept that has many applications: placing a well-known file name into directories.

  • Application 1: An IDS keeps the last modified timestamp of every file (yikes, is that expensive). But it allows one to investigate files modified since a given point-in-time.

  • Application 2: Instead of uploading every file to a webhost, why not upload only changed files? The trick is to know which files have been changed! (a) Create the well-known file name in every directory on the PC AFTER the upload is completed. (b) Then you can ask: which files have been changed after the timestamp on the well-known file name?

  • Application 3: Which files have been modified since the last backup? Similar to (2), but more global in scope.

Being an old Unix-Hack myself, I rely greatly upon Unix/Linux tools and these are easily supported by the Cygwin Emulator. After I show the concepts below, I am sure they are easily implemented in Windows too.

  • Search: Linux search is executed with FIND
    • find startingDir qualification simpleAction
    • eg: find /webroot -name _fence_.log -ls
    • which means
      • start in the dir /webroot {the starting location}
      • look for the name '_fence_.log' {the qualification is file or dirname == '_fence_.log'}
      • and print the timestamp info of it (aka an action like dir _fence_.log)
  • Actions can be performed on the search results
    • for cases like (Application 2) above, mark the entire /webroot as being current using
    • find /webroot -type d -exec touch {}/_fence_.log \; -print
      • meaning start in /webroot
      • find every directory { -type d }
      • then EXECUTE the touch command on the file _fence_.log within that directory
      • (creating the file name if necessary) and giving it today's timestamp
    • Find what has been changed?
      • find /webroot -newer /webroot/_fence_.log xxx
      • where xxx can be -print to show the names or -ls to get the dir filename details
      • -newer _fence_.log means Find me files with timestamps > the timestamp of _fence_.log
    • the results can then be acted upon
For cases like (Application 3) above, just use a different well-known file name, e.g. _LAST_BACKUP_.log, and place it in the Windows \users directory
  • find /users -type d -exec touch {}/_LAST_BACKUP_.log \;
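
The fence workflow above, run end to end, as an added example that is not part of the original post. The function names and the temporary demo tree are constructed for illustration, and the demo backdates timestamps so it does not have to sleep between steps.

```shell
#!/bin/sh
# Added example, not from the original post. The fence name follows the post;
# the function names and the demo tree are constructed for illustration.
FENCE=_fence_.log

# Drop (or refresh) the fence file in every directory under $1.
mark_current() {
    find "$1" -type d -exec touch {}/"$FENCE" \;
}

# Regular files under $1 modified after the top-level fence was written.
# The fence files themselves are excluded from the report.
changed_since() {
    find "$1" -type f ! -name "$FENCE" -newer "$1/$FENCE" -print
}

# Directories under $1 with no fence: created after the last mark_current.
unfenced_dirs() {
    find "$1" -type d ! -exec test -e {}/"$FENCE" \; -print
}

# Build a constructed tree, fence it, then change it; prints the tree root.
build_demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/css" "$root/img"
    echo home > "$root/index.html"
    echo body > "$root/css/site.css"
    echo logo > "$root/img/logo.txt"
    # Backdate the originals, then the fences one day later, so the demo
    # does not depend on sleeping past the filesystem's timestamp resolution.
    find "$root" -exec touch -t 202001010000 {} +
    mark_current "$root"
    find "$root" -name "$FENCE" -exec touch -t 202001020000 {} +
    # Changes made after the "upload": one edit, one new directory.
    echo edit >> "$root/css/site.css"
    mkdir "$root/new" && echo page > "$root/new/page.html"
    echo "$root"
}

demo=$(build_demo)
echo "changed files:";        changed_since "$demo" | sort
echo "directories to fence:"; unfenced_dirs "$demo"
rm -rf "$demo"
```

-newer compares modification times strictly, and anyone who can write a file can also reset its mtime with touch, so this is a change-tracking aid for uploads and backups and not tamper evidence on its own.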
 