A file change log is a physical file on a computer storage device that maintains a listing of the different modifications made to the files and directories within a file system. The file change log does not necessarily track the specific changes made to the data held inside a file; it instead tracks the more generalized information about the file held in the namespace of the file system. In most implementations, a file change log can be accessed as a read-only file by an application so the information it contains is available, but only special system functions within the operating system are allowed to make modifications to the log; this preserves its integrity and prevents malicious modifications. Several programs are able to make use of the file change log to avoid having to scan every file within a file system to determine if any changes have been made. Archiving software, virus scanners, indexing programs for Internet search engines, and network administration suites can all employ a file change log to quickly check for any changes made to the system since the last time a program was run.
Within a file system, a file change log is designed to track high-level changes to files as opposed to atomic changes to the data stored inside the file. This means the log can record changes to the name of the file, the last date the file was modified, or changes to the access permissions of a file. What it does not track are more specific changes, such as exactly what program accessed the file, the location of the data that was changed, or what system functions were used to make the changes.
An actual file change log is a file within the file system it is tracking. The file can be available just like any other file, allowing any program to open and view the information, or it can be a system file that is hidden and intended to be viewed only through the use of calls to the operating system, a method that acts as a gateway in protecting the log. In both situations, the file is read-only to all programs except the core operating system to keep the file ordered and to prevent tampering. Writing changes to the log file is performed only by the operating system, sometimes after a change has been made or other times as part of an automated updating process.
External programs that use the file change log usually do so to prevent having to use very time-consuming procedures that manually step through every file and directory within a file system to look for changes. It also can be used by archiving programs or web crawlers to prevent the programs from having to process information that previously was processed, instead focusing only on the files that have been changed since the last scan. Network administrators can use the log to keep track of any suspicious activity, such as changes to file permissions, which would be much harder to track otherwise.