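#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/epoll.h>
#include <sys/inotify.h>
#include <unistd.h>

enum {
    MAX_EPOLL_EVENTS = 5,   /* epoll events fetched per epoll_wait() call */
    EVENT_BUF_SIZE = 4096   /* room for a batch of inotify events per read() */
};

/*
 * Print every inotify event record found in buf[0..len).
 *
 * A single read() on an inotify descriptor can return several records back
 * to back, so the buffer is walked record by record instead of looking at
 * the first one only.
 *
 * Returns 1 when an IN_IGNORED record was seen (the kernel removed the
 * watch, so nothing further will be reported), 0 otherwise.
 */
static int report_events(const char *buf, size_t len)
{
    int watch_gone = 0;
    size_t off = 0;

    while (len - off >= sizeof(struct inotify_event)) {
        const struct inotify_event *event =
            (const struct inotify_event *)(buf + off);
        size_t step = sizeof(*event) + event->len;

        if (step > len - off) {
            break;  /* truncated record; not expected from the kernel */
        }

        /* name[] is only present when len > 0 (watches on a directory). */
        printf("file_id is %d, event is %u, cookie is %u, name is %s\n",
               event->wd, event->mask, event->cookie,
               event->len > 0 ? event->name : "");

        if (event->mask & IN_Q_OVERFLOW) {
            /* The kernel queue filled up: the record of activity has a gap. */
            printf("inotify queue overflowed, some events were lost\n");
        }
        if (event->mask & IN_IGNORED) {
            printf("watch was removed, no further events will be reported\n");
            watch_gone = 1;
        }

        off += step;
    }

    return watch_gone;
}

/*
 * Read and print everything currently queued on the inotify descriptor.
 *
 * The descriptor is non-blocking and registered edge-triggered, so it has to
 * be read until EAGAIN; otherwise queued events would sit unread until the
 * next change happens to wake epoll again.
 *
 * Returns 0 to keep watching, -1 when the watch is gone or read() failed.
 */
static int drain_events(int inoti_fd, char *buf, size_t buf_size)
{
    for (;;) {
        ssize_t got = read(inoti_fd, buf, buf_size);

        if (got == -1) {
            if (errno == EINTR) {
                continue;
            }
            if (errno == EAGAIN) {
                return 0;   /* queue drained */
            }
            printf("read inoti_fd failed, %s\n", strerror(errno));
            return -1;
        }
        if (got == 0) {
            return 0;
        }
        if (report_events(buf, (size_t)got)) {
            return -1;
        }
    }
}

/*
 * Watch ./log.txt with inotify and print every event that is reported,
 * using epoll to wait for the inotify descriptor to become readable.
 *
 * Things to keep in mind when this is used to monitor a sensitive file:
 *  - struct inotify_event carries wd, mask, cookie, len and name only; it
 *    does not say which process caused the event.
 *  - The watch follows the file the path resolved to when it was added.
 *    After IN_MOVE_SELF the path may name a different file that is not
 *    watched; after IN_DELETE_SELF/IN_IGNORED the watch no longer exists.
 *  - IN_Q_OVERFLOW means events were dropped by the kernel.
 *
 * The monitor only stops on an error or when the watch disappears, so the
 * exit status is always a failure status that a supervisor can act on.
 */
int main(void)
{
    const char *filename = "./log.txt";
    struct epoll_event ev = { .events = EPOLLIN | EPOLLET };
    struct epoll_event ready[MAX_EPOLL_EVENTS];
    char *buf = NULL;
    int inoti_fd = -1;
    int watch_wd = -1;
    int epoll_fd = -1;
    int watching = 1;

    /* IN_NONBLOCK is required for the read-until-EAGAIN loop used with EPOLLET. */
    inoti_fd = inotify_init1(IN_CLOEXEC | IN_NONBLOCK);
    if (inoti_fd == -1) {
        printf("inotify_init failed, %s\n", strerror(errno));
        goto end;
    }

    watch_wd = inotify_add_watch(inoti_fd, filename, IN_ALL_EVENTS);
    if (watch_wd == -1) {
        printf("inotify_add_watch failed, %s\n", strerror(errno));
        goto end;
    }

    epoll_fd = epoll_create1(EPOLL_CLOEXEC);
    if (epoll_fd == -1) {
        printf("epoll_create failed, %s\n", strerror(errno));
        goto end;
    }

    ev.data.fd = inoti_fd;
    if (epoll_ctl(epoll_fd, EPOLL_CTL_ADD, inoti_fd, &ev) == -1) {
        printf("epoll_ctl failed, %s\n", strerror(errno));
        goto end;
    }

    /* malloc() memory is suitably aligned for struct inotify_event. */
    buf = malloc(EVENT_BUF_SIZE);
    if (buf == NULL) {
        printf("malloc failed, %s\n", strerror(errno));
        goto end;
    }

    while (watching) {
        int nready = epoll_wait(epoll_fd, ready, MAX_EPOLL_EVENTS, -1);

        if (nready == -1) {
            if (errno == EINTR) {
                continue;   /* interrupted by a signal, not a real failure */
            }
            printf("epoll_wait failed, %s\n", strerror(errno));
            break;
        }

        for (int i = 0; i < nready; i++) {
            if (ready[i].data.fd != inoti_fd) {
                printf("unknown file_fd %d\n", ready[i].data.fd);
                continue;
            }
            if (drain_events(inoti_fd, buf, EVENT_BUF_SIZE) != 0) {
                watching = 0;
            }
        }
    }

end:
    free(buf);
    if (epoll_fd != -1) {
        close(epoll_fd);
    }
    if (watch_wd != -1) {
        /* Fails harmlessly if the kernel already dropped the watch. */
        inotify_rm_watch(inoti_fd, watch_wd);
    }
    if (inoti_fd != -1) {
        close(inoti_fd);
    }
    return EXIT_FAILURE;
}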
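#!/usr/bin/python
"""Record every inotify event seen on /var/lib/logrotate.status in ./record."""
import logging

from inotify import adapters

_DEFAULT_LOG_FORMAT = '%(asctime)s - %(name)s - %(levelname)s - %(message)s'

# One format string shared by the console output and the log record, so the
# two cannot drift apart.
_EVENT_FORMAT = ("WD=(%d) MASK=(%d) COOKIE=(%d) LEN=(%d) MASK->NAMES=%s "
                 "WATCH-PATH=[%s] FILENAME=[%s]")

_LOGGER = logging.getLogger(__name__)


def _configure_logging():
    """Send DEBUG-and-above records from this module to ./record (append mode)."""
    _LOGGER.setLevel(logging.DEBUG)

    # Relative path: the record lands in whatever directory the script is
    # started from.
    ch = logging.FileHandler('./record', 'a')
    ch.setFormatter(logging.Formatter(_DEFAULT_LOG_FORMAT))

    _LOGGER.addHandler(ch)


def _to_text(value):
    """Return value as text, decoding it as UTF-8 when it is a byte string.

    Undecodable bytes are replaced instead of raising, so one oddly named
    file cannot stop the monitor.
    """
    if isinstance(value, bytes):
        return value.decode('utf-8', 'replace')
    return value


def _main():
    """Watch /var/lib/logrotate.status and print and log each event."""
    i = adapters.Inotify()

    # NOTE(review): an inotify watch stays on the file the path resolved to
    # when it was added. If the status file is replaced rather than rewritten
    # in place, later changes to the new file are not reported - confirm how
    # the file is updated and re-add the watch if needed.
    i.add_watch('/var/lib/logrotate.status')

    for event in i.event_gen():
        if not event:
            continue

        (header, type_names, watch_path, filename) = event
        fields = (header.wd, header.mask, header.cookie, header.len,
                  type_names, _to_text(watch_path), _to_text(filename))

        # The original passed the format string and its arguments to print()
        # as separate values, which never applies the format.
        print(_EVENT_FORMAT % fields)
        _LOGGER.info(_EVENT_FORMAT, *fields)


if __name__ == '__main__':
    _configure_logging()
    _main()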
#监控log.txt发生的操作,并输出到record文件中,另外inotifywait命令的-r选项支持递归遍历 $ inotifywait -m log.txt -o record #inotifywatch 命令则用于统计一段时间内,某个文件所发生操作的统计数据 #上述的两个命令的具体用法参照man手册
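# Monitor a file with SystemTap. Unlike inotify, the inodewatch example also
# shows the ID of the process that performed each operation.
# stap builds the script into a kernel module and loads it, so these steps
# need root (or membership of the SystemTap groups) on the monitored host.

# The package is named systemtap (the original listing had "systemtab").
$ yum install systemtap -y
# Needed for stap to probe system calls.
# NOTE(review): the debuginfo package has to match the running kernel
# (uname -r) - confirm the package name for your kernel flavour.
$ yum install kernel-debug-debuginfo
# Check that stap was installed correctly.
$ stap -ve 'probe begin { log("hello world") exit() }'
# Look up the inode number of the file to monitor.
$ ls -i log.txt
2360637
# Find the disk partition that holds log.txt.
$ df -h
# Look up the major and minor numbers of each disk partition.
$ cat /proc/partitions
8 2
# Monitor the operations performed on log.txt, identified by
# (0x8 0x2 2360637) = (major, minor, inode).
# The probe is keyed on the inode number: if log.txt is deleted and recreated
# (for example by log rotation) the new file has to be looked up again.
$ stap /usr/share/doc/systemtap-1.6/examples/io/inodewatch.stp 0x8 0x2 2360637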
原文:http://www.cnblogs.com/sxhlinux/p/6420932.html