python监控文件

最新推荐文章于 2024-07-03 18:30:37 发布

lm_y

最新推荐文章于 2024-07-03 18:30:37 发布

阅读量1.2k

点赞数 1

文章标签： Python 监控

本文链接：https://blog.csdn.net/com_ma/article/details/78731797

版权

linux下 pyinotify
windows 下 watchdog

#!/usr/bin/env python
#encoding: utf-8
import datetime
import pyinotify
import logging
import os

class MyEventHandler(pyinotify.ProcessEvent):

    logging.basicConfig(level=logging.INFO, filename='/var/log/faith_monitor.log')#filename是日志的存放路径
    # 自定义写入那个文件，可以自己修改
    logging.info("Starting monitor...")

    def process_IN_ACCESS(self, event):
        print("ACCESS event:", event.pathname)
        logging.info("ACCESS event : %s  %s" % (os.path.join(event.path, event.name), datetime.datetime.now()))

    def process_IN_ATTRIB(self, event):
        print("ATTRIB event:", event.pathname)
        logging.info("IN_ATTRIB event : %s  %s" % (os.path.join(event.path, event.name), datetime.datetime.now()))


    def process_IN_CLOSE_NOWRITE(self, event):
        print("CLOSE_NOWRITE event:", event.pathname)
        logging.info("CLOSE_NOWRITE event : %s  %s" % (os.path.join(event.path, event.name), datetime.datetime.now()))


    def process_IN_CLOSE_WRITE(self, event):
        print("CLOSE_WRITE event:", event.pathname)
        logging.info("CLOSE_WRITE event : %s  %s" % (os.path.join(event.path, event.name), datetime.datetime.now()))


    def process_IN_CREATE(self, event):
        print("CREATE event:", event.pathname)
        logging.info("CREATE event : %s  %s" % (os.path.join(event.path, event.name), datetime.datetime.now()))


    def process_IN_DELETE(self, event):
        print("DELETE event:", event.pathname)
        logging.info("DELETE event : %s  %s" % (os.path.join(event.path, event.name), datetime.datetime.now()))


    def process_IN_MODIFY(self, event):
        print("MODIFY event:", event.pathname)
        logging.info("MODIFY event : %s  %s" % (os.path.join(event.path, event.name), datetime.datetime.now()))


    def process_IN_OPEN(self, event):
        print("OPEN event:", event.pathname)
        logging.info("OPEN event : %s  %s" % (os.path.join(event.path, event.name), datetime.datetime.now()))


def main():
    # watch manager
    wm = pyinotify.WatchManager()
    wm.add_watch('/opt/faithvic', pyinotify.ALL_EVENTS, rec=True)
    # /opt/faithvic是可以自己修改的监控的目录
    # event handler
    eh = MyEventHandler()

    # notifier
    notifier = pyinotify.Notifier(wm, eh)
    notifier.loop()


if __name__ == '__main__':
    main()

pyinotify简介：

Pyinotify是一个Python模块，用来监测文件系统的变化。 Pyinotify依赖于Linux内核的功能—inotify（内核2.6.13合并）。 inotify的是一个事件驱动的通知器，其通知接口通过三个系统调用从内核空间到用户空间。pyinotify结合这些系统调用，并提供一个顶级的抽象和一个通用的方式来处理这些功能。

pyinotify 说百了就是通过调用系统的inotify来实现通知的
inotify 既可以监视文件，也可以监视目录
Inotify 使用系统调用而非 SIGIO 来通知文件系统事件。

Inotify 可以监视的文件系统事件包括：

Event Name	Is an Event	Description
IN_ACCESS	Yes	file was accessed.
IN_ATTRIB	Yes	metadata changed.
IN_CLOSE_NOWRITE	Yes	unwrittable file was closed.
IN_CLOSE_WRITE	Yes	writtable file was closed.
IN_CREATE	Yes	file/dir was created in watched directory.
IN_DELETE	Yes	file/dir was deleted in watched directory.
IN_DELETE_SELF	Yes	自删除，即一个可执行文件在执行时删除自己
IN_DONT_FOLLOW	No	don‘t follow a symlink (lk 2.6.15).
IN_IGNORED	Yes	raised on watched item removing. Probably useless for you, prefer instead IN_DELETE*.
IN_ISDIR	No	event occurred against directory. It is always piggybacked to an event. The Event structure automatically provide this information (via .is_dir)
IN_MASK_ADD	No	to update a mask without overwriting the previous value (lk 2.6.14). Useful when updating a watch.
IN_MODIFY	Yes	file was modified.
IN_MOVE_SELF	Yes	自移动，即一个可执行文件在执行时移动自己
IN_MOVED_FROM	Yes	file/dir in a watched dir was moved from X. Can trace the full move of an item when IN_MOVED_TO is available too, in this case if the moved item is itself watched, its path will be updated (see IN_MOVE_SELF).
IN_MOVED_TO	Yes	file/dir was moved to Y in a watched dir (see IN_MOVE_FROM).
IN_ONLYDIR	No	only watch the path if it is a directory (lk 2.6.15). Usable when calling .add_watch.
IN_OPEN	Yes	file was opened.
IN_Q_OVERFLOW	Yes	event queued overflowed. This event doesn‘t belongs to any particular watch.
IN_UNMOUNT	Yes	宿主文件系统被 umount

IN_ACCESS，即文件被访问
IN_MODIFY，文件被write
IN_ATTRIB，文件属性被修改，如chmod、chown、touch等
IN_CLOSE_WRITE，可写文件被close
IN_CLOSE_NOWRITE，不可写文件被close
IN_OPEN，文件被open
IN_MOVED_FROM，文件被移走,如mv
IN_MOVED_TO，文件被移来，如mv、cp
IN_CREATE，创建新文件
IN_DELETE，文件被删除，如rm
IN_DELETE_SELF，自删除，即一个可执行文件在执行时删除自己
IN_MOVE_SELF，自移动，即一个可执行文件在执行时移动自己
IN_UNMOUNT，宿主文件系统被umount
IN_CLOSE，文件被关闭，等同于(IN_CLOSE_WRITE | IN_CLOSE_NOWRITE)
IN_MOVE，文件被移动，等同于(IN_MOVED_FROM | IN_MOVED_TO)