mactime

Langue: en

Autres versions - même langue

Version: 255899 (debian - 07/07/09)

Section: 1 (Commandes utilisateur)

Sommaire

NAME

mactime - an mtime, atime, and ctime reporter

SYNOPSIS

mactime [ -DfhlnRsty [ -d directory ] [ -g group ] [ -p passwd ] [ -u user ] [ -b bodyfile ] time1 [ -time2 ]

DESCRIPTION

mactime is a program that attempts to determine what files were accessed or modified within a given time frame. The information is either calculated on the fly (with the -d flag) or taken from an already calculated database; see the program grave-robber)

Format of the time is typically month/date/year - e.g. 4/5/2009. It requires a full four digit year, and the date must be after 1/1/1970.

Time2 is a date that should be after time1; it makes the program look for dates in this range.

OPTIONS

-b file
use this file as an alternate "body" file (the file that has all the information about the file system), instead of what is configured in coroner.cf.
-d
directory. Scans and reports on this directory instead of using the existing database; e.g. does NOT use the existing body database file.
-D
debugging flag. Lots and lots of output. You don't want this!
-f filename
flag files listed in file as a different color (HTML only).
-g group
uses an alternate group file for printing groups.
-h
emit some simple HTML stuff rather than plain ASCII text.
-l
takes "last" output, sort of, as a time. Last looks like:

        zen ttyp2 random.trouble.o Sat Mar 21 16:24 - 11:43 (19:19)

        This program wants everything from the date on; in this case, the:
        "Sat Mar 21 16:24 - 11:43 (19:19)" bit. Note that it calculates
        the time the user was on from the parenthesized time, not the time
        after the "-", which doesn't do multiple days, etc. very well.
        It doesn't understand certain things like "still logged in":

        zen ftp 208.197.253.142 Sun Mar 22 13:49 still logged in

        And other valid last entries from last(1).

-n
takes normal "date" output, which looks something like:         "Tue Apr 7 17:20:43 PDT 1998"
-p passwd
uses an alternate password file for printing uids.
-R
recursively go through subdirectories (only useful with the -d flag)
-s
flag SUID/SGID files as a different color (HTML only).
-t
output in time machine format
-y
Print year first to avoid euro/US data ambiguity - normally stuff is MM/DD/YYYY, this does YYYY/MM/DD.
-u user
flag files owned by user as a different color (HTML only).

FILES

coroner.cf - some global TCT defaults and configuration details (is perl executable code).

SEE ALSO

grave-robber(1), stat(2V)

LICENSE

Distributed under the details found in the COPYRIGHT file found in the root directory of The Coroner's Toolkit.

AUTHOR(S)

 dan farmer
 zen@fish.com
 EarthLink