浮雲雅築: [研究] inotify-tools 免費目錄即時監控工具試用 (CentOS 8.2)

[研究] inotify-tools 免費目錄即時監控工具試用 (CentOS 8.2)

2020-06-19

inotify - 維基百科，自由的百科全書

https://zh.wikipedia.org/wiki/Inotify

Linux核心 - 維基百科，自由的百科全書

https://zh.wikipedia.org/wiki/Linux%E5%86%85%E6%A0%B8

inotify 說明

https://man7.org/linux/man-pages/man7/inotify.7.html

inotify-tools 官方網站

https://github.com/inotify-tools/inotify-tools/wiki

Linux Kernal 從 2.6.13 開始提供 inotify 機制，程式設計師可以使用它提供的 function，對文件變化進行監控。

於是有人開發了使用 inotify 機制的工具 inotify-tools，省去自行開發麻煩，可以直接使用的工具。

CentOS 8.1 安裝後，預設沒有 inotify-tools 可用，

inotify-tools 包含 inotifywait 和 inotifywatch，也都沒得用。

yum 安裝也沒也提供它。

所以必須手動下載 .tar.gz 安裝，或先安裝 epel-release 讓 yum 可以安裝。

套件下載

https://github.com/inotify-tools/inotify-tools/releases

https://github.com/inotify-tools/inotify-tools/releases/download/3.20.2.2/inotify-tools-3.20.2.2.tar.gz

安裝步驟

https://github.com/inotify-tools/inotify-tools/wiki

檢查 kernel 版本

[root@localhost ~]# uname -r

4.18.0-193.el8.x86_64

確認是否支援

[root@localhost ~]# ls -lsart /proc/sys/fs/inotify

total 0

0 dr-xr-xr-x. 1 root root 0 Jun 19 13:33 ..

0 -rw-r--r--. 1 root root 0 Jun 19 13:33 max_user_watches

0 dr-xr-xr-x. 1 root root 0 Jun 19 13:33 .

0 -rw-r--r--. 1 root root 0 Jun 19 13:44 max_user_instances

0 -rw-r--r--. 1 root root 0 Jun 19 13:44 max_queued_events

[root@localhost ~]#

開始下載、編譯、安裝

[root@localhost ~]#wget http://github.com/downloads/rvoicilas/inotify-tools/inotify-tools-3.20.2.2.tar.gz

[root@localhost ~]# tar -zvxf inotify-tools-3.20.2.2.tar.gz

[root@localhost ~]# cd inotify-tools-3.20.2.2

[root@localhost inotify-tools-3.20.2.2]# yum -y install gcc make

[root@localhost inotify-tools-3.20.2.2]# ./configure --prefix=/usr/local/inotify

[root@localhost inotify-tools-3.20.2.2]# make

[root@localhost inotify-tools-3.20.2.2]# make install

編輯執行 shell script

[root@localhost ~]# vi /root/inotify.sh

內容如下 (架設目錄列表存放於 /root/watchdir ，輸出 log 在 /root/inotify.log (檔案名稱和路徑可以自己改)

/usr/local/inotify/bin/inotifywait -mrq -e modify,create,move,delete --fromfile '/root/watchdir' --timefmt '%y-%m-%d %H:%M' --format '%T %w%f %e' --outfile '/root/inotify.log' &

編輯要監控的目錄列表 (名稱要和上面對應)

[root@localhost ~]# vi /root/watchdir

內容 (依照自己需求改)

/var/www/html

設定為可執行，然後執行

[root@localhost ~]# chmod 755 inotify.sh

[root@localhost ~]# ./inotify.sh

測試：建立個新檔案看看

[root@localhost ~]# touch /var/www/html/new.txt

[root@localhost ~]# cat inotify.log

20-06-19 13:51 /var/www/html/new.txt CREATE

[root@localhost ~]#

inotifywait 相關說明如下：

[root@localhost ~]# inotifywait -h
inotifywait 3.20.2.2
Wait for a particular event on a file or set of files.
Usage: inotifywait [ options ] file1 [ file2 ] [ file3 ] [ ... ]
Options:
	-h|--help     	Show this help text.
	@<file>       	Exclude the specified file from being watched.
	--exclude <pattern>
	              	Exclude all events on files matching the
	              	extended regular expression <pattern>.
	              	Only the last --exclude option will be
	              	taken into consideration.
	--excludei <pattern>
	              	Like --exclude but case insensitive.
	--include <pattern>
	              	Exclude all events on files except the ones
	              	matching the extended regular expression
	              	<pattern>.
	--includei <pattern>
	              	Like --include but case insensitive.
	-m|--monitor  	Keep listening for events forever or until --timeout expires.
	              	Without this option, inotifywait will exit after one event is received.
	-d|--daemon   	Same as --monitor, except run in the background
	              	logging events to a file specified by --outfile.
	              	Implies --syslog.
	-r|--recursive	Watch directories recursively.
	--fromfile <file>
	              	Read files to watch from <file> or `-' for stdin.
	-o|--outfile <file>
	              	Print events to <file> rather than stdout.
	-s|--syslog   	Send errors to syslog rather than stderr.
	-q|--quiet    	Print less (only print events).
	-qq           	Print nothing (not even events).
	--format <fmt>	Print using a specified printf-like format
	              	string; read the man page for more details.
	--timefmt <fmt>	strftime-compatible format string for use with
	              	%T in --format string.
	-c|--csv      	Print events in CSV format.
	-t|--timeout <seconds>
	              	When listening for a single event, time out after
	              	waiting for an event for <seconds> seconds.
	              	If <seconds> is negative, inotifywait will never time out.
	-e|--event <event1> [ -e|--event <event2> ... ]
		Listen for specific event(s).  If omitted, all events are 
		listened for.

Exit status:
	0  -  An event you asked to watch for was received.
	1  -  An event you did not ask to watch for was received
	      (usually delete_self or unmount), or some error occurred.
	2  -  The --timeout option was given and no events occurred
	      in the specified interval of time.

Events:
	access		file or directory contents were read
	modify		file or directory contents were written
	attrib		file or directory attributes changed
	close_write	file or directory closed, after being opened in
	           	writeable mode
	close_nowrite	file or directory closed, after being opened in
	           	read-only mode
	close		file or directory closed, regardless of read/write mode
	open		file or directory opened
	moved_to	file or directory moved to watched directory
	moved_from	file or directory moved from watched directory
	move		file or directory moved to or from watched directory
	move_self		A watched file or directory was moved.
	create		file or directory created within watched directory
	delete		file or directory deleted within watched directory
	delete_self	file or directory was deleted
	unmount		file system containing file or directory unmounted

inotifywatch 相關說明如下：

[root@localhost ~]# inotifywatch -h
inotifywatch 3.20.2.2
Gather filesystem usage statistics using inotify.
Usage: inotifywatch [ options ] file1 [ file2 ] [ ... ]
Options:
	-h|--help    	Show this help text.
	-v|--verbose 	Be verbose.
	@<file>       	Exclude the specified file from being watched.
	--fromfile <file>
		Read files to watch from <file> or `-' for stdin.
	--exclude <pattern>
		Exclude all events on files matching the extended regular
		expression <pattern>.
	--excludei <pattern>
		Like --exclude but case insensitive.
	--include <pattern>
		Exclude all events on files except the ones
		matching the extended regular expression
		<pattern>.
	--includei <pattern>
		Like --include but case insensitive.
	-z|--zero
		In the final table of results, output rows and columns even
		if they consist only of zeros (the default is to not output
		these rows and columns).
	-r|--recursive	Watch directories recursively.
	-t|--timeout <seconds>
		Listen only for specified amount of time in seconds; if
		omitted or negative, inotifywatch will execute until receiving an
		interrupt signal.
	-e|--event <event1> [ -e|--event <event2> ... ]
		Listen for specific event(s).  If omitted, all events are 
		listened for.
	-a|--ascending <event>
		Sort ascending by a particular event, or `total'.
	-d|--descending <event>
		Sort descending by a particular event, or `total'.

Exit status:
	0  -  Exited normally.
	1  -  Some error occurred.

Events:
	access		file or directory contents were read
	modify		file or directory contents were written
	attrib		file or directory attributes changed
	close_write	file or directory closed, after being opened in
	           	writeable mode
	close_nowrite	file or directory closed, after being opened in
	           	read-only mode
	close		file or directory closed, regardless of read/write mode
	open		file or directory opened
	moved_to	file or directory moved to watched directory
	moved_from	file or directory moved from watched directory
	move		file or directory moved to or from watched directory
	move_self		A watched file or directory was moved.
	create		file or directory created within watched directory
	delete		file or directory deleted within watched directory
	delete_self	file or directory was deleted
	unmount		file system containing file or directory unmounted
[root@localhost ~]#