On a Unix system, how do I monitor (like how 'tail' works) a directory for changes made to files - either new ones created, or size changes, etc.?

Looking for a command line tool rather than something to be installed.

+1  A: 

You can craft your own, then, if you don't want to install tools. Just an idea: create a baseline file of your directory using the find command. Using a loop or cron job, run find on the directory with the same parameters, and check the new file against the baseline file. Use a tool like diff to get the differences.

e.g.

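# [other options] is a placeholder: use the same find options in both calls
find /path [other options] > baseline.txt   # > (not >>) so a stale baseline is overwritten
while true #or use a cron job
do
  find /path [same options] > listing.txt   # > so each pass starts from an empty listing
  diff baseline.txt listing.txt
  # do processing here...
  mv listing.txt baseline.txt  # update the baseline.
  sleep 60
done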
ghostdog74
Just for my reference - do things like this exist?
matt_tm
What "things" are you talking about? If you are talking about tools meant for such things, then yes. Tools like tripwire, inotify, etc.
ghostdog74
+1  A: 

Most unix variants have an API for this, but it's not standardized. On Linux, there is inotify. On the command line, you can use inotifywait. Usage example:

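# -m keeps inotifywait running; each output line is "<dir> <EVENTS> <name>".
# EVENTS can be a comma-separated list (e.g. CREATE,ISDIR), which these exact patterns skip.
inotifywait -m /path/to/dir | while read -r dir event name; do
  case "$event" in
    OPEN) echo "The file $name was created or opened (not necessarily for writing)";;
    MODIFY) echo "The file $name was written to";;   # inotifywait reports writes as MODIFY
    DELETE) echo "The file $name was deleted";;
  esac
done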

Inotify event types are often not exactly what you're trying to notice (e.g. OPEN is very wide), so don't feel bad if you end up making your own file checks.

Gilles