Install inotify-tools
https://github.com/rvoicilas/inotify-tools/wiki
How to use inotify-tools
Example, recursively watching ~/.config/google-chrome for 60 seconds while using Chrome.
terry@tux:~$ inotifywatch -v -e access -e modify -t 60 -r ~/.config/google-chrome/ Establishing watches... Setting up watch(es) on /home/terry/.config/google-chrome/ OK, /home/terry/.config/google-chrome/ is now being watched. Total of 576 watches. Finished establishing watches, now collecting statistics. Will listen for events for 60 seconds. total access modify filename 120 8 112 /home/terry/.config/google-chrome/Default/databases/chrome-extension_cnfkkfleeiooolklkgkmigodkmcopnji_0/ 58 2 56 /home/terry/.config/google-chrome/Default/ 29 29 0 /home/terry/.config/google-chrome/Default/databases/ 18 1 17 /home/terry/.config/google-chrome/Default/Local Storage/ 2 2 0 /home/terry/.config/google-chrome/Default/databases/chrome-extension_mnaelnkmidnndgikjbiifihgklnocljd_0/
What is incron
Description: cron-like daemon which handles filesystem events
incron is an "inotify cron" system. It works like the regular cron but is driven by filesystem events instead of time events. This package provides two programs, a daemon called "incrond" (analogous to crond) and a table manipulator "incrontab" (like "crontab").
incron uses the Linux Kernel inotify syscalls.
like cron, each user can edit its own incron tables.
incron can be used to :
- notifying programs (e.g. server daemons) about changes in configuration
- guarding changes in critical files (with their eventual recovery)
- file usage monitoring, statistics
- automatic on-crash cleanup
- automatic on-change backup or versioning
- new mail notification (for maildir)
- server upload notification
- installation management (outside packaging systems)
- ... and many others
Homepage: http://inotify.aiken.cz/
Install
apt-get install incron
Configuration files
- /etc/incron.conf - Main incron configuration file
- /etc/incron.d/ - This directory is examined by incrond for system table files. You should put all your config file here as per directory or domain names.
- /etc/incron.allow - This file contains users allowed to use incron.
- /etc/incron.deny - This file contains users denied to use incron.
- /var/spool/incron - This directory is examined by incrond for user table files which is set by users running the incrontab command.
incron Syntax
example
<directory> <file change mask> <command or action> options /var/www/html IN_CREATE /root/scripts/backup.sh /sales IN_DELETE /root/scripts/sync.sh /var/named/chroot/var/master IN_CREATE,IN_ATTRIB,IN_MODIFY /sbin/rndc reload
where
<directory> - It is nothing but path which is an absolute filesystem path such as /home/data. Any changes made to this path will result into command or action.
<file change mask> - Mask is is nothing but various file system events such as deleting a file. Each event can result into command execution. Use the following masks:
- IN_ACCESS - File was accessed (read)
- IN_ATTRIB - Metadata changed (permissions, timestamps, extended attributes, etc.)
- IN_CLOSE_WRITE - File opened for writing was closed
- IN_CLOSE_NOWRITE - File not opened for writing was closed
- IN_CREATE - File/directory created in watched directory
- IN_DELETE - File/directory deleted from watched directory
- IN_DELETE_SELF - Watched file/directory was itself deleted
- IN_MODIFY - File was modified
- IN_MOVE_SELF - Watched file/directory was itself moved
- IN_MOVED_FROM - File moved out of watched directory
- IN_MOVED_TO - File moved into watched directory
- IN_OPEN - File was opened
- The IN_ALL_EVENTS symbol is defined as a bit mask of all of the above events.
<command or action> - Run command or scripts when mask matched on given directory.
options - It can be any one of the following with command (i.e. you can pass it as arg to your command):
- $$ - dollar sign
- $@ - watched filesystem path (see above)
- $# - event-related file name
- $% - event flags (textually)
- $& - event flags (numerically)
Turn the service on
service incrond start
Make it auto start when booting
chkconfig --level 345 iocrond on
Examples
Type the following command to edit your incrontab
incrontab -e
Run logger command when file created or deleted from /tmp directory
/tmp IN_ALL_EVENTS logger "/tmp action for $# file"
Save and close the file. Now cd to /tmp and create a file
$ cd /tmp $ >foo $ rm foo
To see message, enter
$ sudo tail -f /var/log/messages
Sample outputs
Jul 17 18:39:25 support logger: "/tmp action for foo file"
Reference
Monitor file system activity with inotify
Linux incrond inotify: Monitor Directories For Changes And Take Action