inotify是linux文件系统事件监控机制,功能强大,控制简单,可以实现很多有用的功能。如:当一个文件被访问、打开、关闭、移动、删除等等时做一些处理。此功能需要内核支持,从kernel 2.6.13开始正式并入内核,RHEL5已经支持。
如果有inotify目录并下面有这三个文件,说明内核支持此功能
安装完毕,默认安装到/usr/local,可以通过./configure --prefix=PATH更改
参数:
参数:
当事件队列设置的较小时,队列溢出会出现上面提示(红色字)
查看系统是否支持此功能:
[root@demo ~]# ls -l /proc/sys/fs/inotify
总计 0
-rw-r--r-- 1 root root 0 12-08 05:42 max_queued_events
-rw-r--r-- 1 root root 0 12-08 05:42 max_user_instances
-rw-r--r-- 1 root root 0 12-08 05:42 max_user_watches
总计 0
-rw-r--r-- 1 root root 0 12-08 05:42 max_queued_events
-rw-r--r-- 1 root root 0 12-08 05:42 max_user_instances
-rw-r--r-- 1 root root 0 12-08 05:42 max_user_watches
要想使用此功能还需要一个工具(inotify-tools),来控制内核的这种功能,就是内核的具体实现。
工具下载地址:http://sourceforge.net/directory/os:windows/freshness:recently-updated/?q=inotify-tools
工具的安装:
[root@demo ~]# tar zxvf inotify-tools-3.13.tar.gz
[root@demo ~]# cd inotify-tools-3.13
[root@demo inotify-tools-3.13]# ./configure
[root@demo inotify-tools-3.13]# make
[root@demo inotify-tools-3.13]# make install
工具集介绍:
一共安装了2个工具(命令),即inotifywait和inotifywatch
inotifywait:在被监控的文件或目录上等待特定文件系统事件(open、close、delete等)发生,执行后处于阻塞状态,适合在shell脚本中使用。
inotifywatch:收集被监视的文件系统使用度统计数据,指文件系统事件发生的次数统计。
inotifywait使用例子:
监视web根目录,用浏览器访问时出现下列事件
[root@demo ~]# inotifywait -mrq /usr/local/nginx/html/
/usr/local/nginx/html/ OPEN index.html
/usr/local/nginx/html/ CLOSE_NOWRITE,CLOSE index.html
/usr/local/nginx/html/ OPEN info.php
/usr/local/nginx/html/ CLOSE_NOWRITE,CLOSE info.php
/usr/local/nginx/html/ OPEN info.php
/usr/local/nginx/html/ CLOSE_NOWRITE,CLOSE info.php
/usr/local/nginx/html/ OPEN info.php
/usr/local/nginx/html/ CLOSE_NOWRITE,CLOSE info.php
/usr/local/nginx/html/ OPEN index.html
/usr/local/nginx/html/ CLOSE_NOWRITE,CLOSE index.html
/usr/local/nginx/html/ OPEN info.php
/usr/local/nginx/html/ CLOSE_NOWRITE,CLOSE info.php
/usr/local/nginx/html/ OPEN info.php
/usr/local/nginx/html/ CLOSE_NOWRITE,CLOSE info.php
/usr/local/nginx/html/ OPEN info.php
/usr/local/nginx/html/ CLOSE_NOWRITE,CLOSE info.php
-m | --monitor:一直监视指定目录,如果没有这个选项,inotifywait在接收到一个事件后就退出了。
-r | --recursive:递归监视指定目录,即包括所有子目录。
-q | --quiet:输出少量信息(只输出事件信息,无附加开头的说明信息)
inotofywatch使用例子:
监视统计web根目录,用浏览器访问时出现下列事件
[root@demo ~]# inotifywatch -rz -a open -t 6 /usr/local/nginx/html/
Establishing watches...
Finished establishing watches, now collecting statistics.
total access modify attrib close_write close_nowrite open moved_from moved_to move_self create delete delete_self filename
2 0 0 0 0 1 1 0 0 0 0 0 0 /usr/local/nginx/html/
Establishing watches...
Finished establishing watches, now collecting statistics.
total access modify attrib close_write close_nowrite open moved_from moved_to move_self create delete delete_self filename
2 0 0 0 0 1 1 0 0 0 0 0 0 /usr/local/nginx/html/
-r | --recursive:递归监视统计指定目录,即包括所有子目录。
-z | --zero:即使是未触发(事件统计为0的)的事件也输出。
-a | --ascending <event>:按event事件的统计升序排序。
-t | --timeout <seconds>:在seconds秒数后退出。
Note:一些限制
在/proc/sys/fs/inotify目录下有三个文件,对inotify机制有一定的限制
max_user_watches:设置inotifywait或inotifywatch命令可以监视的文件数量(单进程)。
max_user_instances:设置每个用户可以运行的inotifywait或inotifywatch命令的进程数。
max_queued_events:设置inotify实例事件(event)队列可容纳的事件数量。
如:/root/tmp目录内有10个文件
[root@demo ~]# echo 5 > /proc/sys/fs/inotify/max_user_watches
[root@demo ~]# inotifywait -mr /root/tmp
Setting up watches. Beware: since -r was given, this may take a while!
Failed to watch /root/tmp; upper limit on inotify watches reached!
Please increase the amount of inotify watches allowed per user via ` /proc/sys/fs/inotify/max_user_watches'.
Setting up watches. Beware: since -r was given, this may take a while!
Failed to watch /root/tmp; upper limit on inotify watches reached!
Please increase the amount of inotify watches allowed per user via ` /proc/sys/fs/inotify/max_user_watches'.
[root@demo ~]# echo 3 > /proc/sys/fs/inotify/max_user_instances
[root@demo ~]# inotifywait -mr /root/tmp &
[root@demo ~]# inotifywait -mr /root/tmp
Couldn't initialize inotify. Are you running Linux 2.6.13 or later, and was the
CONFIG_INOTIFY option enabled when your kernel was compiled? If so,
something mysterious has gone wrong. Please e-mail rohan@mcgovern.id.au
and mention that you saw this message.
Couldn't initialize inotify. Are you running Linux 2.6.13 or later, and was the
CONFIG_INOTIFY option enabled when your kernel was compiled? If so,
something mysterious has gone wrong. Please e-mail rohan@mcgovern.id.au
and mention that you saw this message.
[root@demo tmp]# echo 1 > /proc/sys/fs/inotify/max_queued_events
[root@demo tmp]# ll 1 2 3
-rw-r--r-- 1 root root 0 12-08 04:48 1
-rw-r--r-- 1 root root 0 12-08 04:48 2
-rw-r--r-- 1 root root 0 12-08 04:48 3
-rw-r--r-- 1 root root 0 12-08 04:48 1
-rw-r--r-- 1 root root 0 12-08 04:48 2
-rw-r--r-- 1 root root 0 12-08 04:48 3
[root@demo tmp]# cat 1 2 3 #先执行下面的命令,再执行这个测试
[root@demo ~]# inotifywait -mr /root/tmp
Setting up watches. Beware: since -r was given, this may take a while!
Watches established.
/root/tmp/ OPEN 1
/root/tmp/ CLOSE_NOWRITE,CLOSE 1
Q_OVERFLOW
/root/tmp/ CLOSE_NOWRITE,CLOSE 2
/root/tmp/ OPEN 3
Q_OVERFLOW
Setting up watches. Beware: since -r was given, this may take a while!
Watches established.
/root/tmp/ OPEN 1
/root/tmp/ CLOSE_NOWRITE,CLOSE 1
Q_OVERFLOW
/root/tmp/ CLOSE_NOWRITE,CLOSE 2
/root/tmp/ OPEN 3
Q_OVERFLOW
以上是基本使用实例,具体应用follow me。
转载于:https://blog.51cto.com/haoyun/1083267