Sunday, March 24, 2013

[Ubuntu] iNotify-Tools: The Realtime File Monitoring Tool

I have been searching for a good real time file monitoring tools to save time on checking what directories or files has been updated by my colleagues. It seems the iNotify-Tools that built into Linux kernel has gained a lot of recommendation, and even IBM has an article on their website address for this little tool.

To setup inotify is fairly simple:
  1. apt-get install inotify-tools
  2. after install, it comes with two module:
    • inotifywait - it runs and keep monitor for changes happen in the target folder/file, and the results can be output to an external file.
    • inotifywatch - it outputs a summary count of the events received on each file or directory.
  3. We will use inotifywait to monitor our folder and output a text file in the same folder.
inotifywait /targetFolder -mr -e create,delete,move --timefmt "%D_%a_%H:%M" --format "%T | %w%f | %e" -o /targetFolder/FolderReport.txt --exclude "FolderReport.txt"
  • "-m" is used to continuously monitor the target. Without this, by default it will exit after the first event occurs.
  • "-e" is to specify the event that we want to monitor. Full list can be viewed by execute inotifywait -h
  • "--timefmt" is used to add date and time to the log. By default the result doesn't has such info.
  • "--format" has to be specified if --timefmt is used. %T is the time, %w is the path of the folder being monitored, %f is the file name and %e is the event (action done to the folder/file). We can add any words in between the parameter, and it will be output as well. For example, %w the folder is %f %e will output = "/home/tecsun/folder the folder is TestFolder CREATE,ISDIR. (blue is the output specified by parameter) 
  • "-o" is to output the result to file (else it would display on the terminal)
  • "--exclude" is to exclude the result file being monitored, especially when modify event is triggered, so it won't get into infinity loops.
There is one more tools namely iwatch, which is based on inotify, would allow sending of email when event being triggered. Another one which I have not tested is gamin, if anyone of you happen to test this, please let me know how it works.