Inotify is a file system event-monitoring mechanism slated for inclusion in upcoming Linux™ kernels that is designed to serve as an effective replacement for dnotify, which was the de facto file-monitoring mechanism supported in older kernels. Inotify is a powerful, fine-grained, asynchronous mechanism ideally suited for a variety of file-monitoring needs including, but not limited to, security and performance.
Inotify replaces Dnotify in the 2.6 Kernel
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
AFAIK it hasn’t replaced it yet in the vanilla kernel, you still have to apply Robert Love’s patches from here:
http://www.kernel.org/pub/linux/kernel/people/rml/inotify/
Eventually it should replace dnotify, but all the issues have to be ironed out with the kernel devs.
Inotify is not yet in the 2.6 kernel–but we are working on it!
If anyone wants to help out, please do.
This mechanism doesn’t seem to allow to watch a directory recursively, like the enhanched dnotify mechanism does: http://lambda-computing.com/projects/dnotify/
Btw: Will there ever be a replacement for stati, so I can traverse a dir recursively in an efficient way?
Hi Robert!
Did you have a look at the enhanced notify mechanism I mentioned above? How does it compare to your patches?
Allows for cool toys like Beagle and others.
hahah… yeah, it is. Like the “illegal drugs” totebag. bwahhahah!
Anywho… iNotify looks good. I’m sure any shortcomings will be addressed rather quickly, once it has been dumped into the kernel.
http://www.kernel.org/pub/linux/kernel/people/rml/inotify/v2.6/0.22…
Look at how there is no deep nesting in functions, small functions, nice comment at the type of the functions. Easily readable.
I find a lot of kernel code is nice code compared to the majority of open source projects.
That’s because not just anyone gets kernel patches accepted
. A lot of OSS projects are just someone who likes to publish their tinkerings, and then at some point they decide it was a good idea and try to make it a more professional project. After a while they figure out that their code was awful, and they rewrite it. Then people call it mature…
…(what version of the kernel) it will become standard? Did I miss that in the article?
I’ve been using gnome 2.10 + gamin CVS + inotify 0.22 since a few days, everything worked flawlessy. Good work!
Sorry, gamin CVS with the new inotify backend by John McCutchan: http://bugzilla.gnome.org/show_bug.cgi?id=171201
oh stick that tm you know where!!!
Great! It’s about time dnotify was replaced. (Few things in this world are as bad as dnotify.)
Does anyone know if inotify is any good? Can you monitor directories recursively (and efficiently)? How does it handle hardlinks?
“oh stick that tm you know where!!!”
Does anyone else think that it looks a little more professional with the trademark symbol?
But there’s lots of mainstream linux-distro code that is incomprehensible. One of the notorious examples is the telnet code (which to the man page’s credit notes that the code is an uncomprehensible spaghetti mess). It’s just not junior-high school sourceforge project that suffers from crappy code, but stuff you might use everyday.
But there’s lots of mainstream linux-distro code that is incomprehensible. One of the notorious examples is the telnet code (which to the man page’s credit notes that the code is an uncomprehensible spaghetti mess). It’s just not junior-high school sourceforge project that suffers from crappy code, but stuff you might use everyday.
That goes for proprietary code too, you just don’t know it because you can’t see it. Look at the mess that was netscape when they opened the code up.
” It’s just not junior-high school sourceforge project that suffers from crappy code, but stuff you might use everyday.
”
if you are using telnet everyday you probably are doing some stuff wrong
Or maybe not. telnet is great to test services (telnet server 25 to check if sendmail is running, etc)
you might like netcat
can thoses tools be used like the good old “snoopdos on amiga?
snoopdos was really useful, when launching an app, if snoopdos were running in the background, snoopdos printed all filesystem actions, like : this program opened this library.. result= ok (or failed)
so you could know at once why a program refuse to start.. you just have to read snoopdos’s log.. so you see what lib were not found, or refused to get loaded or if some fonts were missing … all filesystem action logged.
it was really helpful, i would love such a tool for linux.
like when i try to compile and install/run a game or a prog, i could see at once what didn’t work.
maybe i’m wrong but it look like thoses dnotify/ inotify are part of what is needed to accomplish such a tool as snoopdos is.
so is it possible afterall to monitor filesystem actions on linux ???
Check out strace, which usually comes as standard on Linux distros.
You can use
simple servis check
exec 5<>/dev/tcp/127.0.0.1/22 && cat <&5
or
exec 5<>/dev/tcp/127.0.0.1/80 && echo “GET / HTTP/1.0″$’
‘ >&5 && cat <&5
if you want dump of your web page
There is already a complete suite of diagnostic tools, including stuff like strace (as mentioned before), ltrace, lsof & fuser, and the valgrind suite.
The closest in operation to SnoopDOS is Sysinternals “filemon”, also available for Windows, but the other tools above are more or less equivalent.
The notify family are not relevant to this problem because they inform you about changes to the filesystem, not about who caused the change. They’re intended for “live” updates of file managers and similar tools.
Most app allready reports that kind of errors… one way to hunt problems is with lsof (check open files). Strace was mentioned, ldd migh come in handy, see oprofile and valgrind for real forensics