Method 1
Note:
Server System: CentOS
File Directory: /home/web/osyunwei.com
Purpose:
Whenever any file under /home/web/osyunwei.com changes, except in the cache directory, the change is recorded and saved to a log.
Specific operations:
1. Install inotify-tools
1. Check whether the server kernel supports inotify.
ll /proc/sys/fs/inotify # list the directory; if the following entries appear, the server kernel supports inotify
-rw-r--r-- 1 root root 0 Mar 7 0:17 max_queued_events
-rw-r--r-- 1 root root 0 Mar 7 max_user_instances
-rw-r--r-- 1 root root 0 Mar 7 max_user_watches
Note: In Linux, the minimum kernel that supports inotify is 2.6.13. You can run uname -a to view the kernel version.
CentOS 5.x ships kernel 2.6.18, so inotify is supported by default.
2. Install inotify-tools
yum install make gcc-c++ # install the compilation tools
inotify-tools download: http://github.com/downloads/rvoicilas/inotify-tools/inotify-tools-3.14.tar.gz
Upload inotify-tools-3.14.tar.gz to the /usr/local/src directory.
cd /usr/local/src
tar zxvf inotify-tools-3.14.tar.gz # extract
cd inotify-tools-3.14 # enter the extracted directory
./configure --prefix=/usr/local/inotify # configure
make # compile
make install # install
3. Set system environment variables and add symbolic links
echo "PATH=/usr/local/inotify/bin:$PATH" >/etc/profile.d/inotify.sh
source /etc/profile.d/inotify.sh # make the settings take effect immediately
echo "/usr/local/inotify/lib" >/etc/ld.so.conf.d/inotify.conf
ln -s /usr/local/inotify/include /usr/include/inotify
4. Modify the default inotify parameters (the default inotify kernel parameter values are too small)
View the default system parameter values:
sysctl -a | grep max_queued_events
The result is: fs.inotify.max_queued_events = 16384
sysctl -a | grep max_user_watches
The result is: fs.inotify.max_user_watches = 8192
sysctl -a | grep max_user_instances
The result is: fs.inotify.max_user_instances = 128
Modify the parameters:
sysctl -w fs.inotify.max_queued_events="99999999"
sysctl -w fs.inotify.max_user_watches="99999999"
sysctl -w fs.inotify.max_user_instances="65535"
vi /etc/sysctl.conf # add the following lines
fs.inotify.max_queued_events=99999999
fs.inotify.max_user_watches=99999999
fs.inotify.max_user_instances=65535
:wq! # save and exit
Parameter description:
max_queued_events:
The maximum length of the inotify event queue. If the value is too small, the error "** Event Queue Overflow **" occurs and file monitoring becomes inaccurate.
max_user_watches:
The number of directories to be watched. Count them with find /home/www.osyunwei.com -type d | wc -l and make sure that the max_user_watches value is greater than the result (here /home/www.osyunwei.com is the directory for synchronizing files).
max_user_instances:
The maximum number of inotify instances that each user can create.
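The max_user_watches sizing rule above as a script. This is an added example, not part of the original article; count_dirs and watch_headroom are hypothetical helper names, and the optional exclude argument mirrors the excluded cache directory used on this page.

```sh
#!/bin/sh
# Added example: compare the number of directories under a tree with
# fs.inotify.max_user_watches (a recursive watch needs one per directory).
# count_dirs and watch_headroom are hypothetical helper names.

# count_dirs DIR [EXCLUDE]: directories under DIR, skipping EXCLUDE.
count_dirs() {
    if [ -n "${2:-}" ]; then
        find "$1" -path "${2%/}" -prune -o -type d -print
    else
        find "$1" -type d
    fi 2>/dev/null | wc -l | tr -d ' '
}

# watch_headroom DIR [EXCLUDE] [LIMIT_FILE]
# Prints "OK|LOW dirs=<n> limit=<n>"; returns 1 when the limit is not
# greater than the directory count, 2 on bad input.
watch_headroom() {
    dir=$1
    exclude=${2:-}
    limit_file=${3:-/proc/sys/fs/inotify/max_user_watches}
    [ -d "$dir" ] || { echo "ERROR not a directory: $dir"; return 2; }
    [ -r "$limit_file" ] || { echo "ERROR cannot read $limit_file"; return 2; }
    dirs=$(count_dirs "$dir" "$exclude")
    limit=$(cat "$limit_file")
    if [ "$limit" -gt "$dirs" ]; then
        echo "OK dirs=$dirs limit=$limit"
    else
        echo "LOW dirs=$dirs limit=$limit"
        return 1
    fi
}

# Usage: sh check_watches.sh /home/web/osyunwei.com /home/web/osyunwei.com/cache
if [ "$#" -ge 1 ]; then
    watch_headroom "$@"
fi
```

Run it again after large content changes, since every new directory under the tree consumes another watch.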
2. Create a real-time monitoring script
mkdir -p /home/inotify # create the directory
vi /home/inotify/inotif.sh # edit
#!/bin/sh
/usr/local/inotify/bin/inotifywait -mrq -e modify,create,move,delete --fromfile '/home/inotify/excludedir' --timefmt '%y-%m-%d %H:%M' --format '%T %f %e' /home/web/osyunwei.com/ >/tmp/rsync.txt
:wq! # save and exit
vi /home/inotify/excludedir # edit; the line that starts with @ is the excluded directory
/home/web/osyunwei.com/
@/home/web/osyunwei.com/cache/
:wq! # save and exit
chmod +x /home/inotify/inotif.sh # add execute permission
vi /etc/rc.d/rc.local # edit; add the following line at the end so that the script runs automatically at boot
sh /home/inotify/inotif.sh & # run in the background: with -m inotifywait never exits, and rc.local must be able to finish
:wq! # save and exit
If any file under the /home/web/osyunwei.com/ directory changes, the change is recorded in /tmp/rsync.txt.
With this, inotify-tools monitors the server's files in real time on Linux.
Method 2
inotify-tools is a command-line tool that monitors file changes through the Linux inotify mechanism. It monitors and records file changes on the server in real time, which helps in finding the cause when there is a problem on the server. The kernel must be 2.6.13 or later.
Check whether the server meets the installation requirements:
uname -a
Linux centos5.7-x64 2.6.18-274.17.1.el5
ll /proc/sys/fs/inotify/
-rw-r--r-- 1 root root 0 05-15 0:12 max_queued_events
-rw-r--r-- 1 root root 0 05-15 0:12 max_user_instances
-rw-r--r-- 1 root root 0 05-15 0:12 max_user_watches
If the EPEL repository is configured on the server, you can install with yum:
yum install inotify-tools
Compile and install:
cd /usr/local/src/
wget --no-check-certificate https://github.com/downloads/rvoicilas/inotify-tools/inotify-tools-3.14.tar.gz
tar zxvf inotify-tools-3.14.tar.gz
cd inotify-tools-3.14
./configure
make
make install
ldconfig -v
inotify parameters:
/proc/sys/fs/inotify/max_queued_events # maximum number of queued events
/proc/sys/fs/inotify/max_user_instances # maximum number of instances that each user can create
/proc/sys/fs/inotify/max_user_watches # maximum number of monitored directories
inotifywait waits for the monitored events to occur; combined with a shell script it monitors and records file system changes in real time. Common parameters:
--timefmt time format
%y year %m month %d day %H hour %M minute
--format output format
%T time %w path %f file name %e status
-m keep listening; by default inotifywait exits after the first event
-r watch directories recursively
-q print only the monitored events
-e events to monitor. Available values:
open file opened
access file accessed
modify file modified
delete file deleted
create new file created
attrib attribute changed
Application example:
Monitor new or modified files under the wwwroot directory in real time and print them:
inotifywait -mrq -e modify,create --timefmt '%y-%m-%d %H:%M' --format '%T %f %e' /home/wwwroot/
The output is as follows:
12-05-14 20:43 favicon.ico
12-05-14 20:43 favicon.ico
12-05-14 20:43 tab_console_down.gif
12-05-14 20:43 tab_console_down.gif
12-05-14 20:43 tab_graphs.gif
12-05-14 20:43 tab_graphs.gif
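Reading the resulting log during an investigation: the script below parses lines in the '%T %f %e' layout used in both methods, counts events per file, and lists script files that were created, moved in or modified. It is an added example, not part of the original article; the helper names, the extension list and the sample lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original article. Triage a log written with
#   --timefmt '%y-%m-%d %H:%M' --format '%T %f %e'
# Line layout: <date> <time> <file name> <EVENT[,EVENT...]>
# Helper names and the extension list are assumptions; adjust to the site.

# Constructed sample lines in that layout, used when no log file is given.
sample_log() {
    cat <<'EOF'
12-05-14 20:43 favicon.ico CREATE
12-05-14 20:43 favicon.ico MODIFY
12-05-14 20:44 uploads CREATE,ISDIR
12-05-14 20:45 holiday photo.jpg CREATE
12-05-14 20:46 info.PHP MOVED_TO
12-05-14 20:47 index.php MODIFY
12-05-14 20:47 index.php MODIFY
12-05-14 20:48 old.php DELETE
EOF
}

# Count events per file; the name is rebuilt because it may contain spaces.
summarize_events() {
    awk 'NF >= 4 {
        name = $3
        for (i = 4; i < NF; i++) name = name " " $i
        count[name "\t" $NF]++
    }
    END { for (k in count) print count[k] "\t" k }' | LC_ALL=C sort -t "$(printf '\t')" -k2
}

# Print lines where a server-side script was created, moved in or modified.
flag_script_changes() {
    awk 'NF >= 4 {
        events = "," $NF ","
        if (events ~ /,ISDIR,/ || events !~ /,(CREATE|MOVED_TO|MODIFY),/) next
        name = $3
        for (i = 4; i < NF; i++) name = name " " $i
        if (tolower(name) ~ /\.(php[0-9]?|phtml|jsp|cgi|pl|sh)$/) print
    }'
}

# Usage: sh triage.sh /tmp/rsync.txt   (no argument: run on the sample)
if [ -n "${1:-}" ]; then
    flag_script_changes < "$1"
else
    sample_log | flag_script_changes
fi
```

With -r the %f field holds only the file name; putting %w in front of %f in --format records the directory as well, and the same parsing then yields the full path.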