2
1
How do I monitor from this moment on what files get accessed / modified / created / deleted. (in live mode), similar to fseventer / fslogger?
user1861388
Posted 2016-05-07T18:55:58.590
Reputation: 75
How do I live monitor on linux what files get accessed created modified and deleted?
Answers
6
On unix system you can use inotify-tools, built on top of inotify kernel subsystem API.
By inotifywait you can have live mode monitoring on standard output:
inotifywait -m -r -e access -e modify -e create -e delete --format 'PATH:%w%f EVENTS:%,e' {{path_to_monitor}}
Notes:
- -m: monitor indefinitely
- -r: recursive monitor
- -e: specify file system events to be monitored
- --format: specify the output of the command
Example (command performed on monitored directory followed by realtime inotifywait output):
$ cd {{path_to_monitor}}
$ touch test
PATH:./test EVENTS:CREATE
$ rm test
PATH:./test EVENTS:DELETE
lgaggini
Posted 2016-05-07T18:55:58.590
Reputation: 256
Now I changed the title, as I'm interested about the process, not to shop anything. – user1861388 – 2016-05-07T19:05:11.763