inotify is an inode-based filesystem notification technology. It provides the possibility to monitor various events on files in filesystems. It is a very much great replacement of (obsolete) dnotify. inotify brings a comfortable way how to manage files used in your applications. The incrond (inotify cron daemon) is a daemon which monitors filesystem events (such as add a new file, delete a file and so on) and executes commands or shell scripts. It’s use is generally similar to Linux or Unix cron jobs. This page shows how to set up incrond and sync files between two web server nodes.
How to install incrond
Type the following dnf command/yum command under RHEL / Fedora / CentOS Linux:
$ sudo yum install incron
Type the apt command/apt-get command under Debian / Ubuntu Linux:
$ sudo apt-get install incron
Configuration Files
- /etc/incron.conf – Main incron configuration file
- /etc/incron.d/ – This directory is examined by incrond for system table files. You should put all your config file here as per directory or domain names.
- /etc/incron.allow – This file contains users allowed to use incron.
- /etc/incron.deny – This file contains users denied to use incron.
- /var/spool/incron – This directory is examined by incrond for user table files which is set by users running the incrontab command.
incron Syntax
The syntax is as follows:
<directory> <file change mask> <command or action> options /var/www/html IN_CREATE /root/scripts/backup.sh /sales IN_DELETE /root/scripts/sync.sh /var/named/chroot/var/master IN_CREATE,IN_ATTRIB,IN_MODIFY /sbin/rndc reload
Where,
- <directory> – It is nothing but path which is an absolute filesystem path such as /home/data. Any changes made to this path will result into command or action.
- <file change mask> – Mask is is nothing but various file system events such as deleting a file. Each event can result into command execution. Use the following masks:
- IN_ACCESS – File was accessed (read)
- IN_ATTRIB – Metadata changed (permissions, timestamps, extended attributes, etc.)
- IN_CLOSE_WRITE – File opened for writing was closed
- IN_CLOSE_NOWRITE – File not opened for writing was closed
- IN_CREATE – File/directory created in watched directory
- IN_DELETE – File/directory deleted from watched directory
- IN_DELETE_SELF – Watched file/directory was itself deleted
- IN_MODIFY – File was modified
- IN_MOVE_SELF – Watched file/directory was itself moved
- IN_MOVED_FROM – File moved out of watched directory
- IN_MOVED_TO – File moved into watched directory
- IN_OPEN – File was opened
- The IN_ALL_EVENTS symbol is defined as a bit mask of all of the above events.
- <command or action> – Run command or scripts when mask matched on given directory.
- options – It can be any one of the following with command (i.e. you can pass it as arg to your command):
- $$ – dollar sign
- $@ – watched filesystem path (see above)
- $# – event-related file name
- $% – event flags (textually)
- $& – event flags (numerically)
Turn Service On
Type the following command on a CentOS/RHEL:
# service incrond start
# chkconfig incrond on
###################################################
### systemd based Linux distro such as CentOS/RHEL 7.x/8.x, try ##
###################################################
# systemctl enable incrond.service
# systemctl start incrond.service
Linux incrond inotify monitor dir for changes and take action
Type the following command to edit your incrontab
incrontab -e
Run logger command when file created or deleted from /tmp directory:
/tmp IN_ALL_EVENTS logger "/tmp action for $# file"
Save and close the file. Now cd to /tmp and create a file:
$ cd /tmp
$ >foo
$ rm foo
To see message, enter:
$ sudo tail -f /var/log/messages
Sample outputs:
Jul 17 18:39:25 vivek-desktop logger: "/tmp action for foo file"
How Do I Run Rsync Command To Replicate Files For /var/www/html/upload Directory?
Type the following command:
# incrontab -e
Append the following command:
/var/www/html/upload/ IN_CLOSE_WRITE,IN_CREATE,IN_DELETE /usr/bin/rsync --exclude '*.tmp' -a /var/www/html/upload/ user@www2.example.com:/var/www/html/upload/
Now, wherever files are uploaded in /var/www/html/upload/ directory, rsync will be executed to sync files to www2.example.com server. Make sure ssh keys are set for password less login.
How Do I Monitor /var/www/html/upload/ and Its Subdirectories Recursively?
You cannot monitor /var/www/html/upload/ directory recursively. However, you can use the find command to add all sub-directories as follows:
find /var/www/html/upload -type d -print0 | xargs -0 -I{} echo "{} IN_CLOSE_WRITE,IN_CREATE,IN_DELETE /usr/bin/rsync --exclude '*.tmp' -a /var/www/html/upload/ user@www2.example.com:/var/www/html/upload/" > /etc/incron.d/webroot.conf
This will create /etc/incron.d/webroot.conf config as follows:
/var/www/html/upload IN_CLOSE_WRITE,IN_CREATE,IN_DELETE /usr/bin/rsync --exclude '*.tmp' -a /var/www/html/upload/ user@www2.example.com:/var/www/html/upload/ /var/www/html/upload/css IN_CLOSE_WRITE,IN_CREATE,IN_DELETE /usr/bin/rsync --exclude '*.tmp' -a /var/www/html/upload/ user@www2.example.com:/var/www/html/upload/ /var/www/html/upload/1 IN_CLOSE_WRITE,IN_CREATE,IN_DELETE /usr/bin/rsync --exclude '*.tmp' -a /var/www/html/upload/ user@www2.example.com:/var/www/html/upload/ /var/www/html/upload/js IN_CLOSE_WRITE,IN_CREATE,IN_DELETE /usr/bin/rsync --exclude '*.tmp' -a /var/www/html/upload/ user@www2.example.com:/var/www/html/upload/ /var/www/html/upload/3 IN_CLOSE_WRITE,IN_CREATE,IN_DELETE /usr/bin/rsync --exclude '*.tmp' -a /var/www/html/upload/ user@www2.example.com:/var/www/html/upload/ /var/www/html/upload/2010 IN_CLOSE_WRITE,IN_CREATE,IN_DELETE /usr/bin/rsync --exclude '*.tmp' -a /var/www/html/upload/ user@www2.example.com:/var/www/html/upload/ /var/www/html/upload/2010/11 IN_CLOSE_WRITE,IN_CREATE,IN_DELETE /usr/bin/rsync --exclude '*.tmp' -a /var/www/html/upload/ user@www2.example.com:/var/www/html/upload/ /var/www/html/upload/2010/12 IN_CLOSE_WRITE,IN_CREATE,IN_DELETE /usr/bin/rsync --exclude '*.tmp' -a /var/www/html/upload/ user@www2.example.com:/var/www/html/upload/ /var/www/html/upload/2 IN_CLOSE_WRITE,IN_CREATE,IN_DELETE /usr/bin/rsync --exclude '*.tmp' -a /var/www/html/upload/ user@www2.example.com:/var/www/html/upload/ /var/www/html/upload/files IN_CLOSE_WRITE,IN_CREATE,IN_DELETE /usr/bin/rsync --exclude '*.tmp' -a /var/www/html/upload/ user@www2.example.com:/var/www/html/upload/ /var/www/html/upload/images IN_CLOSE_WRITE,IN_CREATE,IN_DELETE /usr/bin/rsync --exclude '*.tmp' -a /var/www/html/upload/ user@www2.example.com:/var/www/html/upload/
How Do I Troubleshoot Problems?
You need to see /var/log/cron log file:
# tail -f /var/log/cron
# grep something /var/log/cron
Further readings:
- inotify project home page here
- man pages – incrontab(5), incrond, and incron.conf
🐧 31 comments so far... add one ↓
Apache: Make Changes In a Config File Take Effect…
Bash read file names from a text file and take action
How To Take A Screenshot Using Linux tvtime Application
Linux: Allow Normal Users To Take Down eth1:N But…
How do you take a single line of input from the user…
HowTo: OS X Take a Screenshot On My Mac Desktop
Vi / Vim: Wipe and Undo All Changes Since Opening a File
| Category | List of Unix and Linux commands |
|---|---|
| Disk space analyzers | ncdu • pydf |
| File Management | cat |
| Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | NetHogs • dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
Awesome man! I liked the most about rndc reload. Now no need to keep running rndc reload every hour or so.
Why reload named every hour? Do you make any automated changes to zone file?
No I don’t. Just gave a thought. I know XName.org reloads it every hour. I don’t have too many zones.
None of my machines using the default CentOS repos seem to have incron available to install. Which repos are you using? My machines are Centos 5.5 ones (one 32-bit, one 64-bit).
It is from Fedora Project – EPEL repo. Install epel repo and you will get access to tons of binary packages.
HTH
After adding EPEL per the tutorial you linked, I was able to add incron onto my machine. Thanks for the quick response and very useful information you’ve provided.
Silly, this can be done with a simple 4 or 5 line script in python.
hints
os.path.exists
os.unlink
popen
Ya sure, but you need to run it as a daemon, it would be slow/cpuhog. incron is in C, so works much faster. There may be some python-inotify library which can be used instead of the above suggestion.
Also, using this method, you could write a bash daemon! (I have one on my local system to check that if pidgin runs, ensure skype runs, if pidgin doesn’t kill skype).
And wohoo, here’s the python-inotify library- http://trac.dbzteam.org/pyinotify
Try that on tons of thousandths of files and you will see that your Python will perform in tens of seconds rather than milliseconds. You will say that there is no big difference but this will translate in disk reads a the physical level rather than operating system level triggers.
I speak from experience. I am not using incrond but something similar in production and it performs way faster that the similar Python code.
Use the right tool for the job.
That’s one of the libraries, there’s a C extension also available which directly handles with the kernel, i.e. responds to kernel events. Just google it out.
I don’t suppose we have similar version of this for Mac OS X ? Can’t seem to find one.
May be this will help. Edit: It appers that it is a work in progress software. If you know coding than you can always use knotify API.
From what I’m seeing online, the FreeBSD and Mac OS X implementation is called kqueue rather than inotify.
Something else I wanted to bring up about using inotify after having looked more into it. There’s a handy option lsyncd that will work better than incrond for rsyncing directories. The project’s home page is at http://code.google.com/p/lsyncd/
Is there a consideration of bring up lsync for either this tutorial or another one? It appears to possibly work better due to handling recursion in a directory for rsyncing using inotify based on what I’m seeing.
(If this ends up double posting, apologies, but it didn’t appear to post or even be in moderation after I initially submitted it so re-adding it.)
DRBD is much better solution if you need to mirror entire partition in real time. It is like network based RAID-1.
Something else I wanted to bring up about using inotify after having looked more into it. There’s a handy option lsyncd that will work better than incrond for rsyncing directories. The project’s home page is at http://code.google.com/p/lsyncd/
Is there a consideration of bring up lsync for either this tutorial or another one? It appears to possibly work better due to handling recursion in a directory for rsyncing using inotify based on what I’m seeing.
Hi all,
Is it possible to set incrontab in bash script? I tried to set normal crontab and it works without any problem but not “incrontab” :(
Any idea?
R
This is easily the best website to check for new ideas. I was struggling with inotify for this kind of job and I wouldn’t have find this incron tool by myself.
Thanks for the tutorial. I was exactly looking for a tool like this one – thanks to this blog it even comes with a complete tutorial! :)
Check out the script mentioned in the url pasted below. It uses inotifywait to recursively monitor and record file creation events.
http://jackal777.wordpress.com/2013/05/11/script-to-monitor-file-creation-under-all-cpanel-users-documentroot/
HI Nix craft,
when i use incrontab out of the box, i mean no changes,
i have no result, as if the cmd was not executed.
my incron line is :
the log give information as if everything was ok but no actually
when i change my incron to :
the log give me this:
multiple times
here is the incron.conf:
any idea ?
Hi Nix craft,
This is helpful I appended an email notification whenever a file is being copied but when there’s a lot of file being transferred its spamming my email because it is monitoring every event.. Any suggestion to send email per batch not per files.
i have a question,
im running cuckoo sandbox,
and i want to make a folder, that whenever i put a sample there, this script will perform the next action
python submit.py
how could i do that?
Has anyone got incron & unison successfully working together to sync remote servers, all on CentOS 6? If so, can you explain, please?
Thanks
We use this line for “incrontab -e”:
/home/user-to-be-replicated/base-directory IN_CREATE,IN_DELETE,IN_CLOSE_WRITE unison -batch -group -owner /home/user-to-be-replicated/base-directory ssh://otherhost//home/user-to-be-replicated/base-directory
Additionally we configured password-less auth for root (private/public-key pair) and enabled incron for root:
echo ‘root’ >> /etc/incron.allow
I hope this helps.
I have a situation where we receive 2 or more small files of say 2k thru an FTP at the same time.
incron only fires once for both files and passes only one file name.
Anyone know the reason for this, and what I can do to resolve this.
Awesome, exactly what I needed. I use it with cups and avahi to print PDFs on my iPhone and automatically email them to myself. Many thanks.
Thanks for this write-up!
This probably sounds stupid, but I’m trying to save after I enter my command. But I can’t figure out how.
I incron -e enter my command and can’t get back out to the command line. How do I save my changes?
Thanks for this tool. We have a problem. Is there a way to check if the file was created and delete that file before executing it? We have been attacked on our site and we have noticed that a file is created and it contains all the malicious code. We think that if we check that the file was uploaded, we delete it before taking any action. Let’s say the file is called: “abcdef_” with no extension. How can we do that with incron???
PD: Sorry for my english