Learn how you can see the changes that occur in your Ubuntu directories on Linux using the Pyinotify package.
Since version 2.6.13 of the Linux kernel, a security functionality called inotify has been included. It allows a system monitoring program to open a single file descriptor and, through it, receive the events that occur in a directory or file, keeping centralized control over them.
Thanks to inotify, you can be notified of events on directories such as open, create, close, move/rename, delete, and change, among others.
Pyinotify was developed to make these events easier to manage, and today we will analyze how to configure it in Ubuntu 16.04.
What is Pyinotify?
Pyinotify is a Python package that provides tools, namely variables, signals, and conditions, which make it possible to manage changes made in a directory in a much more specific way. These three tools play the following roles:
- Variables: Contain Python objects.
- Signals: These are lists of handles which are activated when a signal is issued.
- Conditions: These are Boolean variables linked to a signal that is emitted when its status changes.
Pyinotify has the following requirements:
- Linux kernel 2.6.13 or higher
- Python 2.4 or higher
To check which version of each of these requirements we have, we will execute the following commands:
uname -r (Kernel version)
python -V (Python version)
Install Pyinotify on Linux
To install the application we will use pip. To install pip itself, we will execute one of the following commands, depending on the Linux distro used:
CentOS / RHEL
sudo yum install python-pip
Debian / Ubuntu
sudo apt install python-pip
Fedora
sudo dnf install python-pip
Now we execute the following command for the installation of the application:
sudo pip install pyinotify
This installs the most recent version of the application available in the repository. If you wish to have the latest version of Pyinotify, execute the following commands in order:
git clone https://github.com/seb-m/pyinotify.git
cd pyinotify/
ls
python setup.py install
How To Use Pyinotify in Ubuntu 16.04
To use pyinotify in the monitoring of a certain directory, we will execute the following command:
python -m pyinotify -v /home/augusto/TheLinuxCode
With this, we will analyze the changes in the /TheLinuxCode directory.
We have created a new folder in /TheLinuxCode called Test and we can see how in real time pyinotify detects the change and registers it with its respective event:
The structure of the pyinotify output is:
- Date and time of the event.
- Size of the event.
- Event type.
- Path where the event occurred.
To exit pyinotify monitoring, we will use the key combination Ctrl + C. If we do not specify a directory to analyze, the tool uses the /tmp directory by default.
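The same monitoring can also be done from a script through the pyinotify API. The following is an added example, not part of the original article: it watches a directory recursively and prints the time, event type and path of each event. The WATCHED and REVIEW lists and the format_event helper are assumptions made for the illustration.

```python
import sys
import time

# Event types to watch; the names are the inotify mask constants pyinotify exposes.
WATCHED = ("IN_CREATE", "IN_DELETE", "IN_MODIFY", "IN_ATTRIB",
           "IN_MOVED_FROM", "IN_MOVED_TO")

# Constructed for this example: event types flagged for a closer look,
# e.g. when the watched directory holds configuration files or scripts.
REVIEW = {"IN_DELETE", "IN_ATTRIB", "IN_MOVED_FROM"}


def format_event(maskname, pathname, when):
    """Build one log line: UTC time, event type, object kind, path, review flag."""
    flags = maskname.split("|")             # e.g. "IN_CREATE|IN_ISDIR"
    kind = "dir" if "IN_ISDIR" in flags else "file"
    types = [f for f in flags if f != "IN_ISDIR"]
    stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(when))
    note = " REVIEW" if REVIEW.intersection(types) else ""
    return "%s %s %s %s%s" % (stamp, "|".join(types), kind, pathname, note)


def watch(path):
    """Watch `path` recursively and print one line per event until Ctrl + C."""
    import pyinotify  # imported here so format_event() can be used without it

    class Handler(pyinotify.ProcessEvent):
        def process_default(self, event):
            # Called for every event that has no dedicated process_IN_* method.
            print(format_event(event.maskname, event.pathname, time.time()))

    mask = 0
    for name in WATCHED:
        mask |= getattr(pyinotify, name)

    wm = pyinotify.WatchManager()
    # rec=True watches existing subdirectories, auto_add=True also new ones.
    wm.add_watch(path, mask, rec=True, auto_add=True)
    pyinotify.Notifier(wm, Handler()).loop()


if __name__ == "__main__":
    # Same default as the command-line tool when no directory is given.
    watch(sys.argv[1] if len(sys.argv) > 1 else "/tmp")
```

Saved under a hypothetical name such as watchdir.py, it is started with python watchdir.py /home/augusto/TheLinuxCode and stopped with Ctrl + C.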
Pyinotify is a valuable tool for administrators: it gives us specific control over the events that occur in real time in a Linux directory, so we can know in detail what type of event happened and take the necessary measures.