inotify-tool基于linux文件和目录的监控

该文章来自Linux技术交流群--成都菠菜

inotify-tool基于linux文件和目录的监控
一。安装inotify.
apt-get install inotify-tools
对于事件的实时监控  用/usr/local/test目录来举例
inotifywait -mrq -e modify -e attrib -e moved_to -e moved_from -e move -e create -e delete -e delete_self -e unmount /usr/local/test > /var/a.txt &
参数详见man inotifywait

二。安装邮件客户端
1.apt-get install mailutils ssmtp
当然你也可以安装sendmail、postfix任选其一

三。监控原理及脚本
inotifywait的输出重定向到日志文件/var/a.txt,我们只需要对a.txt这个文件进行MD5值的校验就可以得到目录下的文件或者目录是否被改变。

实例如下：
#!/bin/bash
while true
do
old=`cat /root/tmp.txt | awk '{print $1}'`
new=`md5sum /var/a.txt | awk '{print $1}'`
        if [ "$old" != "$new" ]
                then
                        mail -s "test directory monitor `date "+%Y%m%d"`"   username@163.com < /var/a.txt &
                        echo "$new">/root/tmp.txt
        fi
        sleep 1
done
============================================================
##########################
1.文件和目录的创建
touch aaa
mkdir qop

/usr/local/test/ CREATE aaa
/usr/local/test/ ATTRIB aaa
/usr/local/test/ CREATE,ISDIR qop

2.文件权限的改变
chmod 777 aaa

/usr/local/test/ ATTRIB aaa

3.文件的移动
mv aaa bbb

/usr/local/test/ MOVED_FROM aaa
/usr/local/test/ MOVED_TO bbb

4.文件的修改
vim bbb

/usr/local/test/ CREATE .bbb.swp
/usr/local/test/ CREATE .bbb.swpx
/usr/local/test/ DELETE .bbb.swpx
/usr/local/test/ DELETE .bbb.swp
/usr/local/test/ CREATE .bbb.swp
/usr/local/test/ MODIFY .bbb.swp
/usr/local/test/ ATTRIB .bbb.swp
/usr/local/test/ MODIFY .bbb.swp
/usr/local/test/ CREATE 4913
/usr/local/test/ ATTRIB 4913
/usr/local/test/ DELETE 4913
/usr/local/test/ CREATE bbb~
/usr/local/test/ ATTRIB bbb~
/usr/local/test/ MODIFY bbb
/usr/local/test/ ATTRIB bbb
/usr/local/test/ MODIFY .bbb.swp

5.文件的删除
rm bbb

/usr/local/test/ DELETE bbb~
/usr/local/test/ DELETE .bbb.swp
/usr/local/test/ DELETE bbb