Linux provides an effective mechanism for notifying user-space processes when modifications are made that could affect important files. We used the Inotify command in Linux to do this. Enable Inotify to keep monitoring certain files or entire directories in the Linux system. Monitoring filesystem events is possible with the help of the Inotify API. The Inotify command produces events for both the directory itself and the files inside the directory while a directory is being watched. Inotify is a feature of Linux that enables monitoring programs to open a single file descriptor and monitor directories or files for a given sequence of events.
With the Inotify command, we can identify the most commonly opened files by a particular program. Hence the performance is maintained by the Inotify module. We can examine that using an in-memory copy or updating the program so that the data is transferred when the small files are frequently opened or closed. The Inotify provides the meta-information as file-specific details like the date and time of creation as well as the user’s ID which mostly frequently updated a file may be worth logging. Moreover, we have enhanced security with the Inotify application.
As it keeps track of every access to a specific file or directory. Below, we have an installation of Inotify application instructions in the Linux system. Also, we have used the useful commands of Inotify to watch the events of our system files and directories. We have used Ubuntu 22.04 software for the implementation of Inotify commands. All the Inotify commands are executable in Ubuntu 22.04.
How to Install Inotify-tools in Linux
We are going to install Inotify-tools in our Linux system manually. The Linux command line provides simple methods to install the Inotify package in our system. The Inotify-tools are the collection of command-line utilities for Linux. The events of the filesystem are monitored for and responded to using these applications. Two programs make up inotify-tools: inotifywait, which blocks for inotify events and may be used in shell scripts; and inotifywatch, which gathers data on filesystem utilization and each inotify event produces counts. Let’s follow the instructions given below for inotify-tools installation. Firstly, we have used the apt-get update command. With this, we have updated our system’s latest version of packages and their dependencies.
Now, we can start the installation procedure after downloading the latest packages. We have used the sudo privilege with the apt-get command to install the Inotify-tools.
The installation medium takes some time for installing the package as shown in the screenshot.
Hence, the aforementioned command has successfully installed the Inotify tools in our system. Now, we can use the inotify-tools in our system. To use the Inotify command, we have to use the inotifywait command. The following command is used for displaying the information of the inotify from its manual page. It gives information about the event it handles.
How to Use Inotify-tools in Linux
To access the inotify in the terminal or to execute the inotify command we have to use the inotifywait. In this particular section, we will explore the working of the inotify command in our Linux system. The inotifywait command monitors the changes to files effectively. It is useful for shell scripts that wait for modifications to files. If an event occurs, it can either stop running or continue running and show the occurrence of the events. Let’s consider the following command of inotifywait that uses the -m flag for the monitoring event of the file “Demo”. When the command is executed, the registers are watched. The operations we have performed with the file “Demo” are visible by the inotifywait.
We have monitored the changes of events in the above file with the inotify command. Now, we have used the inotifywait command for monitoring the directory events. We have used some other flags for monitoring the directory. We have used the -m flag which we have already demonstrated with the previous command. Then, we have the -r flag for recursive monitoring of the “Demo” directory. The –format option gives specific information about the file changes. After that, we used the format “%:e %f” where “%:e” changed events that happened and “%f” was changed to the file name that produced the event when it happened within a specified directory. Otherwise, an empty string is used in its place. The following changes occurred in the directory “Demo” when notified with the inotify command.
On the other window terminal, we have performed the following operations with the directory “Demo” and all the changes we have made are displayed by the inotifywait command in the above screenshot.
Now, we use the inotifywait command for the file located in the specified directory. For this, we have created the new directory “MyTest”.
Then, we created two files file1 and file2 in the directory “MyTest”.
Now, we have watched the event of the “MyTest” directory with the inotifywait command. The specified events are added by using the -e argument, separated by commas. We have monitored the events for creation and modification only. The events that occurred when we created and modified the above files of the directory “MyTest” are watched by the inotifywait command.
Lastly, we have performed the event create and delete in the inotify command. This will create the file “Desktop” and then stop it. Then, the directory or file is removed from the monitored directory by using the “delete”.
Conclusion
For monitoring Linux file systems, inotify commands are a strong, extremely granular technique that can be used in areas like performance monitoring, debugging, and automation. We have installed inotify-tools with the apt-get command because most Linux distributions do not come with this command. Additionally, the Linux kernel must be updated to enable the inotify support command. The kernel for the majority of Linux distributions currently has inotify enabled. We have integrated with the inotify command for the event that occurred in the directory and files.