errr-online.com

Monitor a directory or file for changes on Linux using inotify

by on Feb.25, 2011, under Linux

Many times you may need to watch or monitor a file or directory for changes. When you look around for how to do this you will see MANY people suggesting that you use lsof and that does work very well. Another solution is the use of incron. This solution works far better for the cases where I have needed to know more of what is going on with a file or directory.

Installing incron is simple. On Debian and Ubuntu a simple

apt-get install incron

will get it done. Once it is installed you can add your users who will be allowed to use incron to the /etc/incron/incron.allow file. Thats it your user should now be able to use incrontab -e. For my examples I will be using root, and all the scripts I make will be for root only.

Next its time to talk a little about incron. It will work sort of the same as a regular crontab except that it is event driven and not time scheduled, so the syntax of the file will be a bit different. It is in the format:

<path> <mask> <command>

Where <path> is an absolute path on the file system that will be monitored. <mask> is an event symbol. For a full list of event symbols see man 5 incrontab. <command> is the command that will run when the event in the mask section happens. For this example I am going to use the IN_ALL_EVENTS mask, and show you a simple shell script you can use to just log some basic info about whats going on in our watched directory.

Lets make our shell script. Using your favorite text editor create the file /usr/local/sbin/incron_logger.sh In that file add the following:

#!/bin/bash
logfile=/var/log/inotify_backup_changes_test.log
path=$1
file=$2
event=$3
datetime=`date --rfc-3339=ns`
echo "${datetime} Change made in path: " ${path} >> ${logfile}
echo "${datetime} Change made to file: " ${file} >> ${logfile}
echo "${datetime} Change made due to event: " ${event} >> ${logfile}
echo "${datetime} End" >> ${logfile}

Save this file and chmod 700 the file. Next still as root type:

incrontab -e

The first thing we add is the path, in my case I want to monitor /tmp/watch_me This is just a directory in /tmp that I have created for the purpose of this demo. Next I will add the IN_ALL_EVENTS mask, and finally the command /usr/local/sbin/incron_logger.sh and then some args to call the script with. My completed incrontab entry looks as follows:

/tmp/watch_me IN_ALL_EVENTS /usr/local/sbin/incron_logger.sh $@ $# $%

The symbols added after the command are for the path,event related file name, and finally the event flag that triggered the command to run. Lets save this entry and go create some files and see what happens.

First I will create a file:
touch /tmp/watch_me/testfile1
Now lets take a look at the log:
cat /var/log/inotify_backup_changes_test.log
You should now see:

2011-02-25 10:05:18.450733000-06:00 Change made in path: /tmp/watch_me
2011-02-25 10:05:18.450733000-06:00 Change made to file: testfile1
2011-02-25 10:05:18.450733000-06:00 Change made due to event: IN_ATTRIB
2011-02-25 10:05:18.450733000-06:00 End
2011-02-25 10:05:18.454378794-06:00 Change made in path: /tmp/watch_me
2011-02-25 10:05:18.454378794-06:00 Change made to file: testfile1
2011-02-25 10:05:18.454378794-06:00 Change made due to event: IN_OPEN
2011-02-25 10:05:18.454378794-06:00 End
2011-02-25 10:05:18.456283635-06:00 Change made in path: /tmp/watch_me
2011-02-25 10:05:18.456283635-06:00 Change made to file: testfile1
2011-02-25 10:05:18.456283635-06:00 Change made due to event: IN_CREATE
2011-02-25 10:05:18.456283635-06:00 End
2011-02-25 10:05:18.457849952-06:00 Change made in path: /tmp/watch_me
2011-02-25 10:05:18.457849952-06:00 Change made to file: testfile1
2011-02-25 10:05:18.457849952-06:00 Change made due to event: IN_CLOSE_WRITE
2011-02-25 10:05:18.457849952-06:00 End

As you can see from this log we know when the file is opened for writing to make it, and then we know as soon as its been closed. This can be handy for many things, Ill let your imagination run wild on what you can do with this. If you have any questions or comments please feel free to ask and I will do my best to answer them.

:, , , , , ,

2 Comments for this entry

1 Trackback or Pingback for this entry

Leave a Reply

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

Blogroll

A few highly recommended websites...