INotify software Deployment and parameter event demonstration in Linux

Statement: The blogger is using the CentOS6.9 system

Resources:

HTTPS://Github.com/rvoicilas/inotify-tools/wikihttp://www.ibm.com/ developerworks/cn/linux/l-inotifynew/2. 6 file system Change notification mechanism in the kernel

ReferencesInstructions for installing inotify

First, be sure to confirm the three files that must exist in the system before installing the INotify software.

[Email protected] ~]# ll/proc/sys/fs/inotify/ Total0-rw-r--r--1Root root0Oct - Ten: -max_queued_events-rw-r--r--1Root root0Oct - Ten: -max_user_instances-rw-r--r--1Root root0Oct - Ten: -max_user_watchesmax_user_watches----Default Value 8192, sets the number of files that can be monitored by the inotifywait and Inotifywatch commands (single process condition) Max_user_instances----The default value of 128 sets the number of processes per user that can run the inotifywait and Inotifywatch commands max_queued_events----default value 16384, set inotify instance events, number of events that the queue can hold three important files before you install

Documents for information

Specifically want to know the role of three files can use the man help to view

INotify Software main Tools command

Mans wait  for   man inotifywatch inotifywatch- gather filesystem access statistics using inotify for monitoring with INotify, Collection of file system access statistics inotify two main commands

main commandRelated parameters

Command parameters	Parameter description
-m|--montitor (Important parameters)	Always keep event listening state
-d|--daemon	Similar to-M, just run the command in the background
-R (Important parameters)	Recursive monitoring of directory data information changes
-o|--outfile<file>	Print event to file, equivalent to standard output
-s|--syslog	Send error to syslog equivalent error output
-q|--quiet (Important parameters)	Output a small amount of information (only event information is printed)
--excludei<pattern> (Important parameters)	Exclude file or directory I is case insensitive
--timefmt<fmt> (Important parameters)	Specify the time output format
--format<fmt>	Prints a similar format string using the specified output, that is, the content of the actual monitoring output
-E (Important parameters)	Specifies to listen for the specified event, omitting no, indicating that all events are listening

--timefmt<fmt> Available Parameters

Command parameters	Parameter description
%d (important parameter)	The day of the month, the display information is in decimal number (range is 01-31)
%m (important parameter)	Displays the month, displaying the message as a decimal number (range is 01-12)
%M	Display minutes, display information in decimal number (range is 00-59)
%y (important parameter)	Year information, display information in decimal number, and no century information
%Y	Year information, displaying information in decimal numbers and containing century information
%H	hour information, displaying information in decimal, using 24-hour system (range is 00-23)
Note: The above information can be obtained through the man strftime information

--format<fmt> Available Parameters

Command parameters	Parameter description
%w (important parameter)	Monitor file or directory name information when an event occurs
%f (important parameter)	When an event occurs, the file or directory information that triggers the event in the monitoring directory is displayed, otherwise it is empty.
%e (important parameter)	Displays the event information that occurred, separating the different event information with commas
%xe	Displays the event information that occurred and the different event information is separated by x, and you can modify the x to the specified delimiter
%T (important parameter)	This format is the Strftime function to match the time format information
Note: The above information can be obtained through the man inotifywait information, query-format parameters

Event description in monitoring

Event name	Event description
Access	File or directory contents are read
Modify	File or directory contents are written
attrib	File or directory property changes
Close_write (Important parameters)	The file or directory is closed and closed after write mode is opened.
Close_nowrite	File or directory is closed after read-only mode is turned off
Close	File or directory close, regardless of read or write mode
Open	File or directory is opened
Moved_to	Files or directories are moved to the monitored directory
Moved_from	Files or directories are moved out of the monitored directory
Move (Important parameters)	Files or directories trigger events regardless of whether they are moved to or moved out of the monitoring directory
Create (Important parameters)	File or directory created in the monitored directory
Delete (Important parameters)	The file or directory is deleted in the monitored directory
Delete_self	File or directory is deleted
Unmount	File system contains files or directories that cannot be uninstalled

Key monitoring Event parameter summary table

Important Events	Include events	Remark description
Close	Close_write	File or directory close, either read or write mode that contains write close and read close
	Close_nowrite
Close_write	Create	Contains file creation events, but does not contain directory creation events
Move	Moved_to	A file or directory that either moves to or moves out of the monitoring directory triggers an event that contains information to move in or out of the Monitoring directory event
	Moved_from
Summary of important parameters: according to the above instructions, in actual use, as long as the following events can be monitored Create Create, delete Delete, moved_to move in, Close_write Modify

INotify Software Deployment

Before installing INotify, first verify that the Rsync service is installed and deployed.

Installation of INotify

Yum Install -yinotify--ql inotify-tools/usr/bin/inotifywait/usr/bin/inotifywatch

insatll inotifyAfter the installation is complete, monitor the test

Test commands to use:

INOTIFYWAIT-MR  /data/  "%w%f Event information:%e" -e Create,delete,moved_to,close_write

Create a File monitoring event (Create):

/data/ CREATE erlianzhang.txt/data/ OPEN erlianzhang.txt/data/ ATTRIB erlianzhang.txt /data/close_write,close Erlianzhang.txt

event display for creating files

To create a directory monitoring event (create):

1

Delete event (delete):

/data/o1.txt Event Information: DELETE

Modify Event (Close_write):

/data/oldgirl.txt    event information: [email protected]/data/. oldgirl.txt.swx event Information: [email protected]/data/ . Oldgirl.txt.swx Event Information: DELETE/data/. Oldgirl.txt.swp event Information: [email protected]/data/. OLDGIRL.TXT.SWP EventInformation: DELETE/data/. Oldgirl.txt.swp event Information: [email protected]/DATA/.OLDGIRL.TXT.SWP event Information: DELETE

the modified event display

Move event (move):

move in /data/hosts event information: moved_to move out /data/hosts event information: Moved_from

Mobile Event DisplaySimple real-time synchronization with scripting

Commands to use:

Rsync service: rsync-az/data/[email protected]172.16. 1.41:: nfsbackup--password-file=/etc/"%w%f" -E Create, Delete,moved_to,close_write

#!/bin/"%w%f" -e create,delete,moved_to,close_write|  while Read Line  Do  -az--delete/data/[email protected]172.16. 1.41:: nfsbackup--password-file=/etc/rsync.password Done

Script

This script is too simple to run in the background, you can use screen, &, and so on.

Bo Master Ability is limited, if you want more rich features need to perfect the script

INotify Advantages

Monitor file system event changes and synchronize data when implemented with synchronization tools

INotify Disadvantages

• Concurrency if it is greater than 200 files (4-100 k), there is a delay in synchronization
• The script that was written in front of it is all pushed once every time, but it is actually an amount. It is also possible to synchronize only the changed files, without changing the ignore.
• After monitoring the event, please use Rsync synchronization is single-threaded (plus & concurrency), Sersync is multithreaded synchronization.

If you compare inotify with Sersync, bloggers recommend using Sersync

Bad place, please give us a lot of advice.

INotify software Deployment and parameter event demonstration in Linux