inotifywait命令
inotify可以对linux 文件系统进行高效性、细粒度、异步的监控,用于通知用户控件程序的文件系统变化。inotify可以监控文件,也可以监控目录,配合rsync实现文件的实时同步功能。
首先安装inotify软件,先检查自己的系统版本(uname -r),我的是centos 7的系统,我的步骤是
1、首先检查自己的电脑是否已经安装了这个软件。 rpm -qa inotify-tools
2、检查仓库中是否有这个软件。 yum search inotify-tools
3、发现这个软件不在yum仓库中,安装对应的epel源。
wget -O /etc/yum.repos.d/epel-7.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum clean all
yum makecache
4、安装inotify-tools软件
yum install inotify-tools -y
5、查看inotifywait的简单用法
[root@backup ~]# inotifywait --help inotifywait 3.14 Wait for a particular event on a file or set of files. Usage: inotifywait [ options ] file1 [ file2 ] [ file3 ] [ ... ] Options: -h|--help Show this help text. @<file> Exclude the specified file from being watched. --exclude <pattern> Exclude all events on files matching the extended regular expression <pattern>.指定排除部分文件 --excludei <pattern> Like --exclude but case insensitive.(同上,排除且忽略大小写) -m|--monitor Keep listening for events forever. Without this option, inotifywait will exit after one event is received.(持续监听) -d|--daemon Same as --monitor, except run in the background logging events to a file specified by --outfile. Implies --syslog.(daemon模式) -r|--recursive Watch directories recursively.(递归子目录) --fromfile <file> Read files to watch from <file> or `-' for stdin. -o|--outfile <file> Print events to <file> rather than stdout. (将事件输出到文件,而不是屏幕) -s|--syslog Send errors to syslog rather than stderr. -q|--quiet Print less (only print events).(打印事件) -qq Print nothing (not even events).(不打印事件) --format <fmt> Print using a specified printf-like format string; read the man page for more details. (设置打印格式%T时间;%w触发事件文件所在绝对路径;%f触发事件文件名称;%e触发的事件名称;) --timefmt <fmt> strftime-compatible format string for use with %T in --format string.(指定输出内容,相当于将时间赋值给%T) -c|--csv Print events in CSV format. -t|--timeout <seconds> When listening for a single event, time out after waiting for an event for <seconds> seconds. If <seconds> is 0, inotifywait will never time out. -e|--event <event1> [ -e|--event <event2> ... ] Listen for specific event(s). If omitted, all events are listened for.(指定要监听的事件,多个事件用逗号隔开) Exit status: 0 - An event you asked to watch for was received. 1 - An event you did not ask to watch for was received (usually delete_self or unmount), or some error occurred. 2 - The --timeout option was given and no events occurred in the specified interval of time. Events: (事件) access file or directory contents were read modify file or directory contents were written attrib file or directory attributes changed close_write file or directory closed, after being opened in writeable mode close_nowrite file or directory closed, after being opened in read-only mode close file or directory closed, regardless of read/write mode open file or directory opened moved_to file or directory moved to watched directory moved_from file or directory moved from watched directory move file or directory moved to or from watched directory create file or directory created within watched directory delete file or directory deleted within watched directory delete_self file or directory was deleted unmount file system containing file or directory unmounted
举例:
监听/backup/目录下所有文件和目录的增删改操作。打开两个ssh,一个执行监控操作,另一个对/backup/的文件进行增删改操作,监控的画面就会实时输出修改的结果。
[root@nfs01 data]# inotifywait -mrq -e 'create,delete,close_write,attrib,moved_to' --timefmt '%Y-%m-%d %H:%M' --format '%T %w%f %e' /backup/ 2019-06-04 10:46 /backup/test.txt CREATE 2019-06-04 10:46 /backup/test.txt ATTRIB 2019-06-04 10:46 /backup/test.txt CLOSE_WRITE,CLOSE 2019-06-04 10:47 /backup/test.txt CLOSE_WRITE,CLOSE 2019-06-04 10:47 /backup/isr DELETE 2019-06-04 10:47 /backup/me MOVED_TO