How to get a file close event in python

后端 未结 4 1601
小蘑菇
小蘑菇 2021-01-02 05:23

Using python 2.7 on windows 7 64 bit machine.

How to get a file close event:

  1. when file is opened in a new process of file opener (like notepad, wordpad
相关标签:
4条回答
  • 2021-01-02 05:51

    The problem you are facing is not with Python, but with Windows. It can be done, but you will have to write some non-trival C/C++ code for it.

    A file open or a file close user mode notification does not exist in userland on Windows. That's why the libraries suggested by others do not have file close notification. In Windows, the API to detect changes in userland is ReadDirectoryChangesW. It will alert you of one of the following notifications :

    • FILE_ACTION_ADDED if a file was added to the directory.
    • FILE_ACTION_REMOVED if a file was removed from the directory.
    • FILE_ACTION_MODIFIED if a file was modified. This can be a change in the time stamp or attributes.
    • FILE_ACTION_RENAMED_OLD_NAME if a file was renamed and this is the old name.
    • FILE_ACTION_RENAMED_NEW_NAME if a file was renamed and this is the new name.

    No amount of Python can change what Windows provides you with.

    To get a file close notification, tools like Process Monitor install a Minifilter that lives in the kernel, near the top of other filters like EFS.

    To acheive what you want, you would need to:

    1. Install a Minifilter that has the code to send events back to userland. Use Microsoft's Minispy sample, it is stable and fast.
    2. Convert the code from the user program to make it a Python extension (minispy.pyd) that exposes a generator that produces the events. This is the hard part, I will get back to that.
    3. You will have to filter out events, you won't beleive the amount of IO goes on an idle Windows box!
    4. Your Python program can then import your extension and do its thing.

    The whole thing looks something like this :

    A Python wrapper over a Windows Minifilter for filesystem events

    Of course you can have EFS over NTFS, this is just to show that your minifilter would be above all that.

    The hard parts :

    • Your minifilter will have to be digitally signed by an authority Microsoft trusts. Verising comes to mind but there are others.
    • Debugging requires a separate (virtual) machine, but you can make your interface easy to mock.
    • You will need to install the minifilter with an account that has adminstrator rights. Any user will be able to read events.
    • You will have to deal with multi-users your self. There is only one minifilter for many users.
    • You will have to convert user program from the MiniSpy sample to a DLL, which you will wrap with a Python extension.

    The last two are the hardest.

    0 讨论(0)
  • 2021-01-02 05:58

    This has proven to be a very easy task for *nix systems, but on Windows, getting a file close event is not a simple task. Read below the summary of common methods grouped by OS'es.

    For Linux

    On Linux, the filesystem changes can be easily monitored, and in great detail. The best tool for this is the kernel feature called inotify, and there is a Python implementation that uses it, called Pynotify.

    • Pyinotify

      Pyinotify is a Python module for monitoring filesystems changes. Pyinotify relies on a Linux Kernel feature (merged in kernel 2.6.13) called inotify, which is an event-driven notifier. Its notifications are exported from kernel space to user space through three system calls. Pyinotify binds these system calls and provides an implementation on top of them offering a generic and abstract way to manipulate those functionalities.

      Here you can find the list of the events that can be monitored with Pynotify.

      Example usage:

      import pyinotify

      class EventHandler(pyinotify.ProcessEvent):
          def process_IN_CLOSE_NOWRITE(self, event):
              print "File was closed without writing: " + event.pathname
          def process_IN_CLOSE_WRITE(self, event):
              print "File was closed with writing: " + event.pathname
      
      def watch(filename):
          wm = pyinotify.WatchManager()
          mask = pyinotify.IN_CLOSE_NOWRITE | pyinotify.IN_CLOSE_WRITE
          wm.add_watch(filename, mask)
      
          eh = EventHandler()
          notifier = pyinotify.Notifier(wm, eh)
          notifier.loop()
      
      if __name__ == '__main__':
          watch('/path/to/file')
      

    For Windows

    Situation for Windows is quite a bit more complex than for Linux. Most libraries rely on ReadDirectoryChanges API which is restricted and can't detect finer details like file close event. There are however other methods for detecting such events, so read on to find out more.

    • Watcher

      Note: Watcher has been last updated in February 2011, so its probably safe to skip this one.

      Watcher is a low-level C extension for receiving file system updates using the ReadDirectoryChangesW API on Windows systems. The package also includes a high-level interface to emulate most of the .NET FileSystemWatcher API.
      The closest one can get to detecting file close events with Watcher is to monitor the FILE_NOTIFY_CHANGE_LAST_WRITE and/or FILE_NOTIFY_CHANGE_LAST_ACCESS events.

      Example usage:

      import watcher
      w = watcher.Watcher(dir, callback)
      w.flags = watcher.FILE_NOTIFY_CHANGE_LAST_WRITE
      w.start()
      
    • Watchdog

      Python API and shell utilities to monitor file system events. Easy install: $ pip install watchdog. For more info visit the documentation.
      Watchdog on Windows relies on the ReadDirectoryChangesW API, which brings its caveats as with Watcher and other libraries relying on the same API.

    • Pywatch

      A python near-clone of the Linux watch command. The pywatch.watcher.Watcher class can be told to watch a set of files, and given a set of commands to run whenever any of those files change. It can only monitor the file changed event, since it relies on polling the stat's st_mtime.

    Bonus for Windows with NTFS:

    • NTFS USN Journal

      The NTFS USN (Update Sequence Number) Journal is a feature of NTFS which maintains a record of changes made to the volume. The reason it is listed as a Bonus is because unlike the other entries, it is not a specific library, but rather a feature existing on NTFS system. So if you are using other Windows filesystems (like FAT, ReFS, etc..) this does not apply.
      The way it works it that the system records all changes made to the volume in the USN Journal file, with each volume having its own instance. Each record in the Change Journal contains the USN, the name of the file, and information about what the change was.

      The main reason this method is interesting for this question is that, unlike most of the other methods, this one provides a way to detect a file close event, defined as USN_REASON_CLOSE. More information with a complete list of events can be found in this MSDN article. For a complete documentation about USN Journaling, visit this MSDN page.

      There are multiple ways to access the USN Journal from Python, but the only mature option seems to be the ntfsjournal module.

    The "proper" way for Windows:

    • File system filter driver

      As descibed on the MSDN page:

      A file system filter driver is an optional driver that adds value to or modifies the behavior of a file system. A file system filter driver is a kernel-mode component that runs as part of the Windows executive. A file system filter driver can filter I/O operations for one or more file systems or file system volumes. Depending on the nature of the driver, filter can mean log, observe, modify, or even prevent. Typical applications for file system filter drivers include antivirus utilities, encryption programs, and hierarchical storage management systems.

      It is not an easy task to implement a file system filter driver, but for someone who would like to give it a try, there is a good introduction tutorial on CodeProject.

      P.S. Check @ixe013's answer for some additional info about this method.

    Multiplatform

    • Qt's QFileSystemWatcher

      The QFileSystemWatcher class provides an interface for monitoring files and directories for modifications. This class was introduced in Qt 4.2.
      Unfortunately, its functionality is fairly limited, as it can only detect when a file has been modified, renamed or deleted, and when a new file was added to a directory.

      Example usage:

      import sys
      from PyQt4 import QtCore
      
      def directory_changed(path):
          print('Directory Changed: %s' % path)
      
      def file_changed(path):
          print('File Changed: %s' % path)
      
      app = QtCore.QCoreApplication(sys.argv)
      
      paths = ['/path/to/file']
      fs_watcher = QtCore.QFileSystemWatcher(paths)
      fs_watcher.directoryChanged.connect(directory_changed)
      fs_watcher.fileChanged.connect(file_changed)
      
      app.exec_()
      
    0 讨论(0)
  • 2021-01-02 06:02

    I have not found a package that captures open and close events on Windows. As others have mentioned, pyinotify, is an excellent option for Linux based operating systems.

    Since I wasn't able to watch for the closed event, I settled for the modified event. It's very much an 'after the fact' type of solution (ie. I can't pause until I see a file is closed). But, this has worked surprisingly well.

    I've used the watchdog package. The code below is from their sample implementation and watches the current directory if you don't pass a path on the command line, otherwise it watches the path you pass.

    Example call: python test.py or python test.py C:\Users\Administrator\Desktop

    import sys
    import time
    import logging
    from watchdog.observers import Observer
    from watchdog.events import LoggingEventHandler
    if __name__ == "__main__":
        logging.basicConfig(level=logging.INFO,
                            format='%(asctime)s - %(message)s',
                            datefmt='%Y-%m-%d %H:%M:%S')
        path = sys.argv[1] if len(sys.argv) > 1 else '.'
        event_handler = LoggingEventHandler()
        observer = Observer()
        observer.schedule(event_handler, path, recursive=True)
        observer.start()
        try:
            while True:
                time.sleep(1)
        except KeyboardInterrupt:
            observer.stop()
        observer.join() 
    

    This code will show you when files are created, modified, deleted or renamed/moved. You can filter by just modified by watching for the on_modified event.

    0 讨论(0)
  • 2021-01-02 06:06

    You can use Pyfanotyfi or butter.

    I think you'll find this link very usefull: Linux file system events with C, Python and Ruby

    There you will find an example about doing exactly what you want(using pyinotify) this is the code:

    import pyinotify
    
    DIR_TO_WATCH="/tmp/notify-dir"
    FILE_TO_WATCH="/tmp/notify-dir/notify-file.txt"
    
    wm = pyinotify.WatchManager()
    
    dir_events = pyinotify.IN_DELETE | pyinotify.IN_CREATE
    file_events = pyinotify.IN_OPEN | pyinotify.IN_CLOSE_WRITE | pyinotify.IN_CLOSE_NOWRITE
    
    class EventHandler(pyinotify.ProcessEvent):
        def process_IN_DELETE(self, event):
            print("File %s was deleted" % event.pathname) #python 3 style print function
        def process_IN_CREATE(self, event):
            print("File %s was created" % event.pathname)
        def process_IN_OPEN(self, event):
            print("File %s was opened" % event.pathname)
        def process_IN_CLOSE_WRITE(self, event):
            print("File %s was closed after writing" % event.pathname)
        def process_IN_CLOSE_NOWRITE(self, event):
            print("File %s was closed after reading" % event.pathname)
    
    event_handler = EventHandler()
    notifier = pyinotify.Notifier(wm, event_handler)
    
    wm.add_watch(DIR_TO_WATCH, dir_events)
    wm.add_watch(FILE_TO_WATCH, file_events)
    
    notifier.loop()
    
    0 讨论(0)
提交回复
热议问题