What Changed On My Mac?

According to Wikipedia, fsevents is an API from Apple that allows applications to register for notifications of changes to a given directory tree. This means that when something changes, an application (or daemon/agent) can see the change and take action or track what happened. For Linux, there’s a similar tool in iNotify.

This time of the year, a lot of imaging and packaging is going on at schools and companies around the world. A lot of people are also moving various settings out of images and into either post-flight packages, automations or managed preferences of some sort. In OS X, it’s easy to make a change on a computer and then isolate what files the change touched. Therefore, you can quickly and easily figure out what changes to make (e.g. to a property list via a management profile if you’re getting away from Managed Preferences or even to a configuration file).

One tool that can help you discover what files were changed on a system is fseventer. This small donateware app is easy to use and quickly informative. To use it, just open and click on the play button at the empty screen.

Once the tool starts running it will show you what’s changing in the background on the computer. Now make the changes that you need to make and click on the pause button.

Click on the middle button beside the play/pause button and you’ll also

Looking at the files changed then tells you what the changes are. Toggling changes back and forth and looking at the impact on the file results in knowing the changes to script/automate/profile manage for each.

You will encounter tons of apps that write generated keys here and there rather than easy to find settings such as what you see above. In those cases there are almost always command line interfaces specifically developed for changing a setting. For example, networksetup should be used to change settings that would otherwise be configured in the Network System Preference pane. This is only one of about 1,000,000,000 ways I’ve seen to do this. Happy to invite others to comment on their favorite way to track what’s changing and script it in OS X and other platforms as well.

One comment

  • Patrick Fergus
    July 12, 2012 - 7:40 am | Permalink

    Two tips:

    – Change the “Maximum number of events” from the default of around 300 to 10,000 in the preferences. Sometimes the results are eaten up by the background noise of the OS.

    – Filters (green funnel toolbar button) are essential for separating out the important stuff (real, changed files) from the unimportant stuff (Symantec Endpoint Protection scanning everything under the sun in /private/tmp)

    Thanks for the site!

    – Patrick

  • Comments are closed.