0
2
I need a program which generates events when a file is moved, removed or its extended attributes are changed. I'm running Ubuntu Karmic Koala 32-bit desktop.
inotify is the standard solution for such problems, but inotify cannot install a recursive watch, so the only option is to the equivalent of find on the filesystem, and add an inotify watch on each node. This is what e.g. inotifywatch does. This won't work for me, because my filesystem has 1 million files, and installing watches to all of them takes forever.
fanotify could work except that I would have to patch the kernel for that (I'm currently running 2.6.31-20), and maintaining patches to the Linux kernel is beyond my time commitment.
I used to use rfsdelta (whose kernel module is similar to rlocate), but it just doesn't compile on 2.6.31, because it uses obsolete Linux security framework APIs.
I suspect that on-demand antivirus software on Linux might use some other technique I don't know of.
pts
Posted 2010-03-11T09:46:46.690
Reputation: 5 441
That's a wrapper around
inotify. It's therefore bound by the same restrictions, i.e. it cannot handle a million files either. – MSalters – 2012-02-20T09:24:19.587True, although it is a one off cost. The real problem (or so it seems to me) is that
inotifydoesn't support recursive watch. Whileinotifywatchdoes provide this feature, it doesn't support action triggers. The correct way to useinotifyis not to set a watch on each file but instead on folders anyway and I strongly doubt the OP had 1 million folders. – The Mighty Rubber Duck – 2012-02-21T00:41:24.817I need solution which is fast to load (at reboot) and doesn't have race conditions. My filesystem indeed has about 1 million files in 10000 folders. Thus
iwatchandinotifywatchdon't work for me. – pts – 2012-03-11T08:11:57.780