Monitoring File Using Inotify

monitoring and searching a file with inotify, and command line tools

monitor mode (-m) of inotifywait may serve better here :

inotifywait -m -q -e create -e modify -e close log_directory |\
while read -r dir action file; do
    ...
done

monitor mode (-m) does not buffer, it just print all events to standard output.

To preserve the variables :

while read -r dir action file; do
    echo $dir $action $file
done < <(inotifywait -m -q -e create -e modify -e close log_directory)

echo "End of script"

How to continuously monitor the directory using dnotify /inotify command

Inotify itself is a kernel module accesible via calls from e.g. a C program.

https://linux.die.net/man/7/inotify

There is an application suite called inotify-tools, which contains:

inotifywait - wait for changes to files using inotify

http://linux.die.net/man/1/inotifywait

and

inotifywatch - gather filesystem access statistics using inotify

http://linux.die.net/man/1/inotifywatch

You can use inotify directly from command line, e.g. like this to continuously monitor for all changes under home directory (may generate lots of output):

inotifywait -r -m $HOME

And here is a script that monitors continuously and reacts to Apache log activity, copied from the man file of inotifywait:

#!/bin/sh
while inotifywait -e modify /var/log/messages; do
  if tail -n1 /var/log/messages | grep httpd; then
    kdialog --msgbox "Apache needs love!"
  fi
done

How to use inotifywait to wait till a file is created and is written content with timeout

You cannot wait for ./hello.txt because it doesn't exist yet, so the kernel has no node to attach the inotify object to.

You need to wait on the parent directory (.).
The problem is that you have to find a way to filter out only the specific file.
If you have at least version 3.20.1 of inotifywait, you can just use the option --include to pass a regex with the name of your file.
If you don't, ...well, you can try to use the option --exclude and write a reversed regex or you can write a script to filter the result externaly. Both of these options are rather inconvenient.
Answers to this question describe various ways of making the filter: https://unix.stackexchange.com/q/323901/133542.

If you have the new version, the command will look like this:

inotifywait -e close_write -t 30 --include 'hello\.txt' .

A few remarks:

• Flags -m and -t are not allowed together (at least in my version). However, you're waiting for a single specific event so there is no need for -m.
• In your code, you're waiting for the event create but you've stated that you want to know when the file is written. I've changed the event to close_write which means that the file is being closed after being opened in writable mode.
• The flag --fromfile means that the file contains a list of files to be watched, not that it is being watched itself. I've removed the flag.
• The flag -r is necessary only if you want to watch an entire tree of directories. If the file is directly in the watched directory, you don't need it.

---

Related Topics