- Sep 8, 2024
- 6
- 0
- 11
Does someone here know about a tool or system ability in Linux that stores the file size of the latest deleted file (or directory?) within a partition, in near real time quality?
The reason for this request is within following constraints for large partitions (at the moment ~<32GB for acceptable delay with 'du' and 'find', 'diff' commands for scanning the storage tree, with fast storage devices, e.g. SSDs):
If a file is deleted and not known before where this file's location (and name) will be, the whole partition has to be scanned for differences in between before and after the deletion event.
If the kernel or user space system logs the latest deteled file size and path/name for this file for each partition (maybe, that would be activated for that monitoring or analysis task), there would be a reference that's easy to access and includes reliable data for path, name and size of a 'latest' deleted file.
What are the difficulties with such an approach (from Your perspectives)?
- with big size directories, including many/thousands of (small) files, and therefore delay or limitations from latency
Whom to ask for expert advice on Kernel side or for user space (tooling/configuration adjustments) modifications?
What are alternatives with low level changes and low impact to a running ('standard' level) Linux system for getting the size of a deleted file, without scanning/diffing a whole partition or large directory trees (and possibly independent from differences with common/standard file system types)?
Thanks for all Your input and advice.
Best regards
The reason for this request is within following constraints for large partitions (at the moment ~<32GB for acceptable delay with 'du' and 'find', 'diff' commands for scanning the storage tree, with fast storage devices, e.g. SSDs):
If a file is deleted and not known before where this file's location (and name) will be, the whole partition has to be scanned for differences in between before and after the deletion event.
If the kernel or user space system logs the latest deteled file size and path/name for this file for each partition (maybe, that would be activated for that monitoring or analysis task), there would be a reference that's easy to access and includes reliable data for path, name and size of a 'latest' deleted file.
What are the difficulties with such an approach (from Your perspectives)?
- with big size directories, including many/thousands of (small) files, and therefore delay or limitations from latency
Whom to ask for expert advice on Kernel side or for user space (tooling/configuration adjustments) modifications?
What are alternatives with low level changes and low impact to a running ('standard' level) Linux system for getting the size of a deleted file, without scanning/diffing a whole partition or large directory trees (and possibly independent from differences with common/standard file system types)?
Thanks for all Your input and advice.
Best regards
Last edited:
Facebook
Twitter