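Starting with version 2.6.13, the Linux kernel includes the inotify mechanism. With inotify, changes to the file system, such as files being created, deleted or modified, can be monitored, and applications are notified promptly so they can handle the corresponding events. This notification mechanism avoids frequent file-polling tasks and improves processing efficiency.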

Event types supported by inotify-tools

IN_ACCESS
IN_ATTRIB
IN_CLOSE_WRITE
IN_CLOSE_NOWRITE
IN_CREATE
IN_DELETE
IN_DELETE_SELF
IN_MODIFY
IN_MOVE_SELF
IN_MOVED_FROM
IN_MOVED_TO
IN_OPEN

Viewing the inotify parameters

sysctl -a | grep max_queued_events
Output:
fs.inotify.max_queued_events = 16384

sysctl -a | grep max_user_watches
Output:
fs.epoll.max_user_watches = 790384
fs.inotify.max_user_watches = 8192

sysctl -a | grep max_user_instances
Output:
fs.inotify.max_user_instances = 128

Modifying the parameters

sysctl -w fs.inotify.max_user_instances=130
fs.inotify.max_user_instances = 130

vi /etc/sysctl.conf
# Add the following line
fs.inotify.max_user_instances=130

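Parameter descriptions:

max_user_instances: the maximum number of inotify instances each user can create

max_queued_events: the maximum length of the inotify event queue; if the value is too small, errors occur and file monitoring becomes inaccurate

max_user_watches: to find out how many directories the synchronized files contain, count them with:

find /home -type d | wc -l

The parameter value must be greater than this count (/home is the directory being synchronized).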
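The check described above, as an added example (not from the original page): it counts the watches needed for the paths in a --fromfile list and compares the total with fs.inotify.max_user_watches. The function names and script name are hypothetical; one watch per directory is assumed, and "@" exclusion lines are skipped rather than subtracted.

```bash
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# Print how many watches the paths listed in file $1 need: one per directory
# (recursive watch), one per directly listed file. Blank lines, missing paths
# and "@path" exclusion lines are skipped; exclusions are not subtracted.
count_watch_dirs() {
    _total=0
    while IFS= read -r _path || [ -n "$_path" ]; do
        case $_path in ''|@*) continue ;; esac
        if [ -d "$_path" ]; then
            _n=$(find "$_path" -type d 2>/dev/null | wc -l)
        elif [ -e "$_path" ]; then
            _n=1
        else
            _n=0
        fi
        _total=$((_total + _n))
    done < "$1"
    echo "$_total"
}

# Succeed only if the limit ($2, default: the running kernel's value) is
# greater than the number of watches needed for list file $1.
check_watch_limit() {
    _limit=${2:-$(cat /proc/sys/fs/inotify/max_user_watches)}
    _need=$(count_watch_dirs "$1")
    echo "watches needed: $_need, fs.inotify.max_user_watches: $_limit"
    [ "$_limit" -gt "$_need" ]
}

# Usage: sh check_watches.sh /opt/scripts/ffile
if [ "$#" -gt 0 ]; then
    check_watch_limit "$@"
fi
```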

Creating a real-time monitoring script

vi inotify_start.sh
chmod a+x ./inotify_start.sh

/usr/local/inotify/bin/inotifywait -mrq -e modify,create,move,delete \
--fromfile '/opt/scripts/ffile' \
--timefmt '%y-%m-%d %H:%M' --format '%T %f %e' \
--outfile '/tmp/rsync.log'
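
A parser for the log lines this command writes, as an added example (not from the original page). The function names are hypothetical and the sample lines are constructed, including one event name outside the command's -e list; the format has no field delimiter, so the file name may contain spaces or be empty.

```bash
#!/bin/sh
# Added example (not from the original page): parse lines produced by
#   --timefmt '%y-%m-%d %H:%M' --format '%T %f %e'
# Function names are hypothetical.

# Set EV_TIME, EV_FILE, EV_EVENTS from one line; return 1 if it is not an event line.
parse_event_line() {
    case $1 in
        ??-??-??' '??:??' '*' '*) ;;
        *) return 1 ;;
    esac
    EV_EVENTS=${1##* }            # last token: comma-separated event names
    _rest=${1% *}                 # "date time file name"
    EV_TIME=${_rest%% *}          # date
    _rest=${_rest#* }             # "time file name"
    EV_TIME="$EV_TIME ${_rest%% *}"
    EV_FILE=${_rest#* }           # may contain spaces; empty if %f was empty
}

# Read log lines on stdin; print the file name of every event whose event list
# contains exactly $1 (so DELETE does not match DELETE_SELF).
files_with_event() {
    while IFS= read -r _line || [ -n "$_line" ]; do
        parse_event_line "$_line" || continue
        case ",$EV_EVENTS," in
            *",$1,"*) printf '%s\n' "$EV_FILE" ;;
        esac
    done
}

# Constructed sample log, not real output.
sample_log() {
cat <<'EOF'
24-03-01 10:15 index.html MODIFY
24-03-01 10:15 upload tmp CREATE,ISDIR
24-03-01 10:16 report final.txt MOVED_FROM
24-03-01 10:17  MODIFY
24-03-01 10:17 old.conf DELETE
24-03-01 10:18  DELETE_SELF
not an event line
EOF
}

sample_log | files_with_event DELETE
```

Because the format above omits %w, each log line records only the file name and not the directory it was in.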

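Common inotifywait options

--timefmt  time format: %y year, %m month, %d day, %H hour, %M minute
--format   output format: %T time, %w path, %f file name, %e event
-m  Keep listening; by default inotifywait exits after the first event.
-r  Watch directories recursively.
-q  Print less (only print events).
-e  Events to watch for; available values include:
    open    file opened
    access  file accessed
    modify  file modified
    delete  file deleted
    create  file created
    attrib  attributes changed

inotifywait -h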
inotifywait 3.13
Wait for a particular event on a file or set of files.
Usage: inotifywait [ options ] file1 [ file2 ] [ file3 ] [ ... ]
Options:
    -h|--help         Show this help text.
    @<file>           Exclude the specified file from being watched.
    --exclude <pattern>
                      Exclude all events on files matching the
                      extended regular expression <pattern>.
    --excludei <pattern>
                      Like --exclude but case insensitive.
    -m|--monitor      Keep listening for events forever.  Without
                      this option, inotifywait will exit after one
                      event is received.
    -r|--recursive    Watch directories recursively.
    --fromfile <file>
                      Read files to watch from <file> or `-' for stdin.
    -q|--quiet        Print less (only print events).
    -qq               Print nothing (not even events).
    --format <fmt>    Print using a specified printf-like format
                      string; read the man page for more details.
    --timefmt <fmt>    strftime-compatible format string for use with
                      %T in --format string.
    -c|--csv          Print events in CSV format.
    -t|--timeout <seconds>
                      When listening for a single event, time out after
                      waiting for an event for <seconds> seconds.
                      If <seconds> is 0, inotifywait will never time out.
    -e|--event <event1> [ -e|--event <event2> ... ]
        Listen for specific event(s).  If omitted, all events are 
        listened for.

Exit status:
    0  -  An event you asked to watch for was received.
    1  -  An event you did not ask to watch for was received
          (usually delete_self or unmount), or some error occurred.
    2  -  The --timeout option was given and no events occurred
          in the specified interval of time.

Events:
    access        file or directory contents were read
    modify        file or directory contents were written
    attrib        file or directory attributes changed
    close_write    file or directory closed, after being opened in
                   writeable mode
    close_nowrite    file or directory closed, after being opened in
                   read-only mode
    close        file or directory closed, regardless of read/write mode
    open        file or directory opened
    moved_to    file or directory moved to watched directory
    moved_from    file or directory moved from watched directory
    move        file or directory moved to or from watched directory
    create        file or directory created within watched directory
    delete        file or directory deleted within watched directory
    delete_self    file or directory was deleted
    unmount        file system containing file or directory unmounted

inotifywatch help

inotifywatch -h
inotifywatch 3.13
Gather filesystem usage statistics using inotify.
Usage: inotifywatch [ options ] file1 [ file2 ] [ ... ]
Options:
    -h|--help        Show this help text.
    -v|--verbose     Be verbose.
    @<file>           Exclude the specified file from being watched.
    --fromfile <file>
        Read files to watch from <file> or `-' for stdin.
    --exclude <pattern>
        Exclude all events on files matching the extended regular
        expression <pattern>.
    --excludei <pattern>
        Like --exclude but case insensitive.
    -z|--zero
        In the final table of results, output rows and columns even
        if they consist only of zeros (the default is to not output
        these rows and columns).
    -r|--recursive    Watch directories recursively.
    -t|--timeout <seconds>
        Listen only for specified amount of time in seconds; if
        omitted or 0, inotifywatch will execute until receiving an
        interrupt signal.
    -e|--event <event1> [ -e|--event <event2> ... ]
        Listen for specific event(s).  If omitted, all events are 
        listened for.
    -a|--ascending <event>
        Sort ascending by a particular event, or `total'.
    -d|--descending <event>
        Sort descending by a particular event, or `total'.

Exit status:
    0  -  Exited normally.
    1  -  Some error occurred.

Events:
    access        file or directory contents were read
    modify        file or directory contents were written
    attrib        file or directory attributes changed
    close_write    file or directory closed, after being opened in
                   writeable mode
    close_nowrite    file or directory closed, after being opened in
                   read-only mode
    close        file or directory closed, regardless of read/write mode
    open        file or directory opened
    moved_to    file or directory moved to watched directory
    moved_from    file or directory moved from watched directory
    move        file or directory moved to or from watched directory
    create        file or directory created within watched directory
    delete        file or directory deleted within watched directory
    delete_self    file or directory was deleted
    unmount        file system containing file or directory unmounted
