How to continuously monitor the directory using dnotify /inotify command

Question

I am new to dnotify/inotify command. Can any one help me how to write a script such that it continuously monitors a directory and indicates that there is some change or modi

Answer 1

Inotify itself is a kernel module accesible via calls from e.g. a C program. http://www.ibm.com/developerworks/linux/library/l-ubuntu-inotify/

There is an application suite called inotify-tools, which contains:

inotifywait - wait for changes to files using inotify

http://linux.die.net/man/1/inotifywait

and

inotifywatch - gather filesystem access statistics using inotify

http://linux.die.net/man/1/inotifywatch

You can use inotify directly from command line, e.g. like this to continuously monitor for all changes under home directory (may generate lots of output):

inotifywait -r -m $HOME

And here is a script that monitors continuously and reacts to Apache log activity, copied from the man file of inotifywait:

#!/bin/sh
while inotifywait -e modify /var/log/messages; do
  if tail -n1 /var/log/messages | grep httpd; then
    kdialog --msgbox "Apache needs love!"
  fi
done

Answer 2

As I said on https://superuser.com/a/747574/28782, I made a helper script that uses inotifywait without some of its direct limitations: inotifyexec

Usage example (supposing you've added it in your system path as executable):

inotifyexec "echo test" -r .

Answer 3

Below is what I use to see operations on an individual file. "-m" causes monitoring vs. exit after just one event. To get timestamps, you need at least 3.13 version of inotify-tools, but if that is not important (or not available on your OS or hard to update to) you can skip the timefmt and format options. "cat /etc/resolv.conf" in another shell leads to the results below:

$ inotifywait -m --timefmt '%H:%M' --format '%T %w %e %f' /etc/resolv.conf

Setting up watches.  
Watches established.
12:49 /etc/resolv.conf OPEN 
12:49 /etc/resolv.conf ACCESS 
12:49 /etc/resolv.conf CLOSE_NOWRITE,CLOSE 

inotifywait has options for monitoring directories as well, so check the manpage. Add -r for recursive to monitor children of a dir.

Here's an example with the commands I typed in a different window shown with "->" prefix:

$ inotifywait -mr --timefmt '%H:%M' --format '%T %w %e %f' /home/acarwile/tmpdir
Setting up watches.  Beware: since -r was given, this may take a while!
Watches established.

-> cd into directory, no info
-> ls in directory
13:15 /home/acarwile/tmpdir/ OPEN,ISDIR 
13:15 /home/acarwile/tmpdir/ CLOSE_NOWRITE,CLOSE,ISDIR 

-> touch newfile
13:16 /home/acarwile/tmpdir/ CREATE newfile
13:16 /home/acarwile/tmpdir/ OPEN newfile
13:16 /home/acarwile/tmpdir/ ATTRIB newfile
13:16 /home/acarwile/tmpdir/ CLOSE_WRITE,CLOSE newfile

-> mv newfile renamedfile
13:16 /home/acarwile/tmpdir/ MOVED_FROM newfile
13:16 /home/acarwile/tmpdir/ MOVED_TO renamedfile

-> echo hello >renamedfile
13:16 /home/acarwile/tmpdir/ MODIFY renamedfile
13:16 /home/acarwile/tmpdir/ OPEN renamedfile
13:16 /home/acarwile/tmpdir/ MODIFY renamedfile
13:16 /home/acarwile/tmpdir/ CLOSE_WRITE,CLOSE renamedfile

-> touch renamedfile
13:17 /home/acarwile/tmpdir/ OPEN renamedfile
13:17 /home/acarwile/tmpdir/ ATTRIB renamedfile
13:17 /home/acarwile/tmpdir/ CLOSE_WRITE,CLOSE renamedfile

-> rm renamedfile
13:17 /home/acarwile/tmpdir/ DELETE renamedfile

-> cd ..; rmdir tmpdir
13:17 /home/acarwile/tmpdir/ DELETE_SELF 

After the above, I tried to remake the tmpdir ("mkdir tmpdir") but got no output from that. The new tmpdir is not the same directory as the old tmpdir. Time to just ^C and stop itnotifywait.