Alternative to fseventer for Yosemite?

OK, now this makes sense, FSEventer hasnt been giving me great data in Yosemite.

You want to use opensnoop from the command line. I have been using that instead of fseventer for awhile. You can do things like

sudo opensnoop | grep "cfprefs"

Or run it–do things–press Control-C and manually parse, that is what I normally do.

@matt4836

Appreciate the feedback. I was hoping for a some sort of graphical representation or logging of what was going on to easily identify what I am looking for (when I don't know exactly what I am looking for) So pretty much something like fseventer. I did find that I could load my iosnoop output into Splunk to help parse the data a bit easier, but not exactly a real-time solution.

While looking into various options I discovered that there are a ton of pre-loaded dtrace scripts in OS X. Just do "man -k dtrace" in terminal to list them all out. I am sure most people already knew about this but thought I would pass it along in case anyone else find's it useful.

I'm accustomed to using fs_usage(1). Similar iosnoop(1m).

-Florin

Composers "Monitor File System Changes"

It leverages FSEvents

FSMonitor is an app with similar functionality to fseventer. It isn't free however.

http://fsmonitor.com

(full disclosure: I'm the developer).

Thanks mdtkeiser. I was looking for something like this app.

To just find files that have been modified recently, you can use mdfind:

mdfind 'kMDItemFSContentChangeDate>$time.now(-300)'

mdimport -A lists the names of other metadata attributes.

kMDItemContentModificationDate is taken from EXIF data for files that have EXIF data. I didn't have many files with kMDItemUserModifiedDate within the last year, but they were files I had opened with TextEdit, Script Editor, or Skim.