The Linux kernel has introduced the inotify mechanism since 2.6.13. Through the intofity mechanism, changes in the file system can be monitored, such as file creation, deletion, modification, etc., and the application can be notified in time to process related events. This response processing mechanism avoids frequent file polling tasks and improves the processing efficiency of tasks.
1. Check the system kernel version
[root@iZ25w1kdi5zZ ~]# uname -a Linux iZ25w1kdi5zZ 2.6.32-431.23.3.el6.x86_64 #1 SMP Thu Jul 31 17:20:51 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
2. Check whether the system supports inotify
[root@iZ25w1kdi5zZ ~]# ls -lsart /proc/sys/fs/inotify total 0 0 dr-xr-xr-x 0 root root 0 Sep 19 09:38 .. 0 -rw-r--r-- 1 root root 0 Jan 1 13:51 max_user_watches 0 -rw-r--r-- 1 root root 0 Jan 1 13:51 max_user_instances 0 -rw-r--r-- 1 root root 0 Jan 1 13:51 max_queued_events 0 dr-xr-xr-x 0 root root 0 Jan 1 13:51 .
If the above result appears, the system supports inotify.
3. Download and install
[root@iZ25w1kdi5zZ src]#wget http://github.com/downloads/rvoicilas/inotify-tools/inotify-tools-3.14.tar.gz [root@iZ25w1kdi5zZ src]# tar -zvxf inotify-tools-3.14.tar.gz [root@iZ25w1kdi5zZ src]# cd inotify-tools-3.14 [root@iZ25w1kdi5zZ inotify-tools-3.14]# ./configure --prefix=/usr/local/inotify [root@iZ25w1kdi5zZ inotify-tools-3.14]# make [root@iZ25w1kdi5zZ inotify-tools-3.14]# make install
4. View the default parameters of inotify
[root@iZ25w1kdi5zZ bin]# sysctl -a | grep max_queued_events fs.inotify.max_queued_events = 16384 [root@iZ25w1kdi5zZ bin]# sysctl -a | grep max_user_watches fs.inotify.max_user_watches = 8192 fs.epoll.max_user_watches = 798863 [root@iZ25w1kdi5zZ bin]# sysctl -a | grep max_user_instances fs.inotify.max_user_instances = 128
5. Modify the inotify parameters
1. Command modification
[root@iZ25w1kdi5zZ bin]# sysctl -w fs.inotify.max_user_instances=130 fs.inotify.max_user_instances = 130
2. File modification
[root@iZ25w1kdi5zZ]# vi /etc/sysctl.conf #Add the following code fs.inotify.max_user_instances=130
3. Parameter description
max_user_instances: The maximum value of inotify instances created by each user
max_queued_events: the maximum length of the inotify queue, if the value is too small, an error will occur, resulting in inaccurate monitoring files
max_user_watches: To know the number of directories contained in the synchronized files, you can use: [root@iZ25w1kdi5zZhome]# find /home/rain -type d|wc -l For statistics, you must ensure that the parameter value is greater than the statistical result (/home/rain is the synchronized file content).
6. Create a real-time monitoring script
[root@iZ25w1kdi5zZ ~]# mkdir -p /opt/scripts [root@iZ25w1kdi5zZ ~]# cd /opt/scripts [root@iZ25w1kdi5zZ scripts]# vi inotify_start.sh /usr/local/inotify/bin/inotifywait -mrq -e modify,create,move,delete \ --fromfile '/opt/scripts/ffile' \ --timefmt '%y-%m-%d %H:%M' --format '%T %f %e' \ --outfile '/tmp/rsync.log'
Common parameters of inotifywait: --timefmt time format %y year %m month %d day %H hours %M minutes --format output format %T time %w path %f file name %e status -m Always keep listening, and exit when an event is triggered by default. -r recursively query the directory -q print out monitoring events -e defines monitored events, available parameters: open open file access access files modify modify file delete delete file create new file attrb attribute change
[root@iZ25w1kdi5zZ scripts]# vi ffile /home/rain/ @/home/rain/cache
[root@iZ25w1kdi5zZ scripts]# chmod a+x ./inotify_start.sh start up: [root@iZ25w1kdi5zZ scripts]# ./inotify_start.sh
[root@iZ25w1kdi5zZ ~]# cd /home/rain [root@iZ25w1kdi5zZ rain]# mkdir yy
[root@iZ25w1kdi5zZ rain]# cat /tmp/rsync.log 16-01-02 16:21 yy CREATE,ISDIR
7. Appendix
1、inotifywait
Instructions for use and parameters:
[root@iZ25w1kdi5zZ bin]# ./inotifywait -h
inotifywait 3.14
Wait for a particular event on a file or set of files.
Usage: inotifywait [ options ] file1 [ file2 ] [ file3 ] [ ... ]
Options:
-h|--help Show this help text.
@<file> Exclude the specified file from being watched.
--exclude <pattern>
Exclude all events on files matching the
extended regular expression <pattern>.
--excludei <pattern>
Like --exclude but case insensitive.
-m|--monitor Keep listening for events forever. Without
this option, inotifywait will exit after one
event is received.
-d|--daemon Same as --monitor, except run in the background
logging events to a file specified by --outfile.
Implies --syslog.
-r|--recursive Watch directories recursively.
--fromfile <file>
Read files to watch from <file> or `-' for stdin.
-o|--outfile <file>
Print events to <file> rather than stdout.
-s|--syslog Send errors to syslog rather than stderr.
-q|--quiet Print less (only print events).
-qq Print nothing (not even events).
--format <fmt> Print using a specified printf-like format
string; read the man page for more details.
--timefmt <fmt> strftime-compatible format string for use with
%T in --format string.
-c|--csv Print events in CSV format.
-t|--timeout <seconds>
When listening for a single event, time out after
waiting for an event for <seconds> seconds.
If <seconds> is 0, inotifywait will never time out.
-e|--event <event1> [ -e|--event <event2> ... ]
Listen for specific event(s). If omitted, all events are
listened for.
Exit status:
0 - An event you asked to watch for was received.
1 - An event you did not ask to watch for was received
(usually delete_self or unmount), or some error occurred.
2 - The --timeout option was given and no events occurred
in the specified interval of time.
Events:
access file or directory contents were read
modify file or directory contents were written
attrib file or directory attributes changed
close_write file or directory closed, after being opened in
writeable mode
close_nowrite file or directory closed, after being opened in
read-only mode
close file or directory closed, regardless of read/write mode
open file or directory opened
moved_to file or directory moved to watched directory
moved_from file or directory moved from watched directory
move file or directory moved to or from watched directory
create file or directory created within watched directory
delete file or directory deleted within watched directory
delete_self file or directory was deleted
unmount file system containing file or directory unmounted
2、inotifywatch
Instructions for use and parameters:
[root@iZ25w1kdi5zZ bin]# ./inotifywatch -h
inotifywatch 3.14
Gather filesystem usage statistics using inotify.
Usage: inotifywatch [ options ] file1 [ file2 ] [ ... ]
Options:
-h|--help Show this help text.
-v|--verbose Be verbose.
@<file> Exclude the specified file from being watched.
--fromfile <file>
Read files to watch from <file> or `-' for stdin.
--exclude <pattern>
Exclude all events on files matching the extended regular
expression <pattern>.
--excludei <pattern>
Like --exclude but case insensitive.
-z|--zero
In the final table of results, output rows and columns even
if they consist only of zeros (the default is to not output
these rows and columns).
-r|--recursive Watch directories recursively.
-t|--timeout <seconds>
Listen only for specified amount of time in seconds; if
omitted or 0, inotifywatch will execute until receiving an
interrupt signal.
-e|--event <event1> [ -e|--event <event2> ... ]
Listen for specific event(s). If omitted, all events are
listened for.
-a|--ascending <event>
Sort ascending by a particular event, or `total'.
-d|--descending <event>
Sort descending by a particular event, or `total'.
Exit status:
0 - Exited normally.
1 - Some error occurred.
Events:
access file or directory contents were read
modify file or directory contents were written
attrib file or directory attributes changed
close_write file or directory closed, after being opened in
writeable mode
close_nowrite file or directory closed, after being opened in
read-only mode
close file or directory closed, regardless of read/write mode
open file or directory opened
moved_to file or directory moved to watched directory
moved_from file or directory moved from watched directory
move file or directory moved to or from watched directory
create file or directory created within watched directory
delete file or directory deleted within watched directory
delete_self file or directory was deleted
unmount file system containing file or directory unmounted