- kernel 2.6.13 or later
- "Note: It is important to know that incron is not recursive, so you need to manually add all sub-directories you want it to watch"
- "There are two categories of tables: system tables (with root privileges) and user tables (with user privileges)."
- "Each user has their own table, and commands in any given incrontab will be executed as the user who owns the incrontab. System users (such as apache, postfix, nobody etc.) may have their own incrontab."
- "Please remember that the same path may occur only once per table (otherwise only the first occurrence takes effect and an error message is emitted to the system log)."
# apt-get install incron
General use
<path> <mask> <command>
<mask>
IN_ACCESS File was accessed (read) (*)
IN_ATTRIB Metadata changed (permissions, timestamps, extended attributes, etc.) (*)
IN_CLOSE_WRITE File opened for writing was closed (*)
IN_CLOSE_NOWRITE File not opened for writing was closed (*)
IN_CREATE File/directory created in watched directory (*)
IN_DELETE File/directory deleted from watched directory (*)
IN_DELETE_SELF Watched file/directory was itself deleted
IN_MODIFY File was modified (*)
IN_MOVE_SELF Watched file/directory was itself moved
IN_MOVED_FROM File moved out of watched directory (*)
IN_MOVED_TO File moved into watched directory (*)
IN_OPEN File was opened (*)
Special Events
IN_ALL_EVENTS Combines all of the above events
IN_DONT_FOLLOW Don't dereference pathname if it is a symbolic link
IN_ONESHOT Monitor pathname for only one event
IN_ONLYDIR Only watch pathname if it is a directory
Wildcard Event
IN_NO_LOOP Disable monitoring of events until the current event is handled completely (until its child process exits – avoids infinite loops)
Wildcards
$$ dollar sign
$@ watched filesystem path (see above)
$# event-related file name
$% event flags (textually)
$& event flags (numerically)
Add/edit user
# vi /etc/incron.allow
myuser
Status incron
# service incron status
* incron.service - file system events scheduler
Loaded: loaded (/lib/systemd/system/incron.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2018-01-12 07:44:06 WIB; 33min ago
Process: 7935 ExecStart=/usr/sbin/incrond (code=exited, status=0/SUCCESS)
Main PID: 7936 (incrond)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/incron.service
`-7936 /usr/sbin/incrond
Test using user myuser
Create folder testincron under directory /home/myuser
$ mkdir testincron
$ ls /home/myuser/testincron
Create script to log change in testincron directory
$ vi testincron.sh
#!/bin/bash
echo "wildcard test: $1 $2 $3 $4 $5" >> /home/myuser/myincron.log
Make script to run
$ chmod u+x testincron.sh
Ereate/edit incrontab
$ incrontab -e
/home/myuser/testincron IN_ALL_EVENTS /home/myuser/testincron.sh $$ $@ $# $% $&
Create and delete example.txt in directory /home/myuser/testincron and see the log file
$ touch /home/myuser/testincron/example.txt
$ rm /home/myuser/testincron/example.txt
$ cat /home/myuser/myincron.log
wildcard test: $ /home/myuser/testincron example.txt IN_CREATE 256
wildcard test: $ /home/myuser/testincron example.txt IN_OPEN 32
wildcard test: $ /home/myuser/testincron example.txt IN_ATTRIB 4
wildcard test: $ /home/myuser/testincron example.txt IN_CLOSE_WRITE 8
wildcard test: $ /home/myuser/testincron IN_OPEN,IN_ISDIR 1073741856
wildcard test: $ /home/myuser/testincron IN_ACCESS,IN_ISDIR 1073741825
wildcard test: $ /home/myuser/testincron IN_CLOSE_NOWRITE,IN_ISDIR 1073741840
wildcard test: $ /home/myuser/testincron example.txt IN_DELETE 512
To display date in yyyymmdd hh:mm:ss edit testincron.sh:
$ vi testincron.sh
#!/bin/bash
echo "$(date +%Y%m%d' '%H:%M:%S): $1 $2 $3 $4 $5" >> /home/myuser/myincron.log
References:
- http://www.linux-magazine.com/Issues/2014/158/Monitoring-with-incron
- https://linux.die.net/man/5/incrontab
- https://www.linux.com/learn/how-use-incron-monitor-important-files-and-folders
- https://www.garron.me/en/linux/use-incron-rsync-dropbox-backup.html
No comments:
Post a Comment