Dear Twitterverse: I'm looking for a resource (book or similar) that goes into depth on Linux file systems including transaction logs or other important logging mechanisms. Any suggestions? Something analogous to the USN or NTFS logs on Windows.
Also not clear on the context for your request. You could track file access in excessive detail using auditd on Linux, but it would have to be configured beforehand. Won’t help if you’re investigating activity that has already happened.
I’m looking for a way I can automate the collection of file system related events. I’m collecting a lot of artifacts from target systems, and I know istat is pulling the data from “somewhere”.
Replying to @v3rtig0
istat is just returning inode data, nothing else AFAIK

Nov 2, 2020 · 12:07 PM UTC
