CentOS 5
Sponsored Link

Monitor files by inotify
2010/05/05
  Monitor adding/updating/removing files by inotify

[1] Install inotify first
[root@rx7 ~]#
yum --enablerepo=dag -y install inotify-tools
 
# install from DAG
[2] Try to use inotify.
[root@rx7 ~]#
/usr/bin/inotifywait -e create,delete,modify,move -mrq /etc &

[2] 13077

# try to create a file under /etc

[root@rx7 ~]#
touch /etc/test.txt

/etc/ CREATE test.txt
# detected


# try to rename a file

[root@rx7 ~]#
mv /etc/test.txt /etc/test.conf

/etc/ MOVED_FROM test.txt
/etc/ MOVED_TO test.conf
# detected


# try to remove a file

[root@rx7 ~]#
rm -f /etc/test.conf

/etc/ DELETE test.conf
# detected
[3] Get logs of changing something under the objective directory fir inotify.
[root@rx7 ~]#
vi inotify.sh


#!/bin/sh

/usr/bin/inotifywait -e create,delete,modify,move \
    -mrq /etc | while read line; do
    echo -n "$line " >> /var/log/inotify.log
    echo `date | cut -d " " -f1-4` >> /var/log/inotify.log
done


[root@rx7 ~]#
chmod 700 inotify.sh

[root@rx7 ~]#
./inotify.sh &

[1] 15013

# try to action something

[root@rx7 ~]#
touch /etc/test.txt

[root@rx7 ~]#
mv /etc/test.txt /etc/test.conf

[root@rx7 ~]#
vi /etc/test.conf
# edit something

[root@rx7 ~]#
rm -f /etc/test.conf


# logs are got like follows

[root@rx7 ~]#
cat /var/log/inotify.log

/etc/ CREATE test.txt Tue Oct 13 21:23:08
/etc/ MOVED_FROM test.txt Tue Oct 13 21:23:18
/etc/ MOVED_TO test.conf Tue Oct 13 21:23:18
/etc/ CREATE .test.conf.swp Tue Oct 13 21:23:32
/etc/ CREATE .test.conf.swx Tue Oct 13 21:23:32
/etc/ DELETE .test.conf.swx Tue Oct 13 21:23:32
/etc/ DELETE .test.conf.swp Tue Oct 13 21:23:32
/etc/ CREATE .test.conf.swp Tue Oct 13 21:23:32
/etc/ MODIFY .test.conf.swp Tue Oct 13 21:23:32
/etc/ MODIFY .test.conf.swp Tue Oct 13 21:23:33
/etc/ CREATE 4913 Tue Oct 13 21:23:35
/etc/ DELETE 4913 Tue Oct 13 21:23:35
/etc/ MOVED_FROM test.conf Tue Oct 13 21:23:35
/etc/ MOVED_TO test.conf~ Tue Oct 13 21:23:35
/etc/ CREATE test.conf Tue Oct 13 21:23:35
/etc/ MODIFY test.conf Tue Oct 13 21:23:35
/etc/ MODIFY .test.conf.swp Tue Oct 13 21:23:35
/etc/ DELETE test.conf~ Tue Oct 13 21:23:35
/etc/ DELETE .test.conf.swp Tue Oct 13 21:23:35
/etc/ DELETE test.conf Tue Oct 13 21:23:43
Matched Content
 
Tweet