您好,登錄后才能下訂單哦!
這篇文章將為大家詳細(xì)講解有關(guān)Python中如何使用pyinotify日志監(jiān)控系統(tǒng)處理日志,小編覺得挺實(shí)用的,因此分享給大家做個參考,希望大家閱讀完這篇文章后可以有所收獲。
pyinotify
Pyinotify是一個Python模塊,用來監(jiān)測文件系統(tǒng)的變化。 Pyinotify依賴于Linux內(nèi)核的功能—inotify(內(nèi)核2.6.13合并)。 inotify的是一個事件驅(qū)動的通知器,其通知接口通過三個系統(tǒng)調(diào)用從內(nèi)核空間到用戶空間。pyinotify結(jié)合這些系統(tǒng)調(diào)用,并提供一個頂級的抽象和一個通用的方式來處理這些功能。
pyinotify 說百了就是通過 調(diào)用系統(tǒng)的inotify來實(shí)現(xiàn)通知的
inotify 既可以監(jiān)視文件,也可以監(jiān)視目錄
Inotify 使用系統(tǒng)調(diào)用而非 SIGIO 來通知文件系統(tǒng)事件。
Inotify 可以監(jiān)視的文件系統(tǒng)事件包括:
Event Name | Is an Event | Description |
IN_ACCESS | Yes | file was accessed. |
IN_ATTRIB | Yes | metadata changed. |
IN_CLOSE_NOWRITE | Yes | unwrittable file was closed. |
IN_CLOSE_WRITE | Yes | writtable file was closed. |
IN_CREATE | Yes | file/dir was created in watched directory. |
IN_DELETE | Yes | file/dir was deleted in watched directory. |
IN_DELETE_SELF | Yes | 自刪除,即一個可執(zhí)行文件在執(zhí)行時刪除自己 |
IN_DONT_FOLLOW | No | don't follow a symlink (lk 2.6.15). |
IN_IGNORED | Yes | raised on watched item removing. Probably useless for you, prefer instead IN_DELETE*. |
IN_ISDIR | No | event occurred against directory. It is always piggybacked to an event. The Event structure automatically provide this information (via .is_dir) |
IN_MASK_ADD | No | to update a mask without overwriting the previous value (lk 2.6.14). Useful when updating a watch. |
IN_MODIFY | Yes | file was modified. |
IN_MOVE_SELF | Yes | 自移動,即一個可執(zhí)行文件在執(zhí)行時移動自己 |
IN_MOVED_FROM | Yes | file/dir in a watched dir was moved from X. Can trace the full move of an item when IN_MOVED_TO is available too, in this case if the moved item is itself watched, its path will be updated (see IN_MOVE_SELF). |
IN_MOVED_TO | Yes | file/dir was moved to Y in a watched dir (see IN_MOVE_FROM). |
IN_ONLYDIR | No | only watch the path if it is a directory (lk 2.6.15). Usable when calling .add_watch. |
IN_OPEN | Yes | file was opened. |
IN_Q_OVERFLOW | Yes | event queued overflowed. This event doesn't belongs to any particular watch. |
IN_UNMOUNT | Yes | 宿主文件系統(tǒng)被 umount |
IN_ACCESS,即文件被訪問
IN_MODIFY,文件被write
IN_ATTRIB,文件屬性被修改,如chmod、chown、touch等
IN_CLOSE_WRITE,可寫文件被close
IN_CLOSE_NOWRITE,不可寫文件被close
IN_OPEN,文件被open
IN_MOVED_FROM,文件被移走,如mv
IN_MOVED_TO,文件被移來,如mv、cp
IN_CREATE,創(chuàng)建新文件
IN_DELETE,文件被刪除,如rm
IN_DELETE_SELF,自刪除,即一個可執(zhí)行文件在執(zhí)行時刪除自己
IN_MOVE_SELF,自移動,即一個可執(zhí)行文件在執(zhí)行時移動自己
IN_UNMOUNT,宿主文件系統(tǒng)被umount
IN_CLOSE,文件被關(guān)閉,等同于(IN_CLOSE_WRITE | IN_CLOSE_NOWRITE)
IN_MOVE,文件被移動,等同于(IN_MOVED_FROM | IN_MOVED_TO)
pyinotify使用例子
#!/usr/bin/python # coding:utf-8 import os from pyinotify import WatchManager, Notifier,ProcessEvent,IN_DELETE, IN_CREATE,IN_MODIFY class EventHandler(ProcessEvent): """事件處理""" def process_IN_CREATE(self, event): print "Create file: %s " % os.path.join(event.path,event.name) def process_IN_DELETE(self, event): print "Delete file: %s " % os.path.join(event.path,event.name) def process_IN_MODIFY(self, event): print "Modify file: %s " % os.path.join(event.path,event.name) def FSMonitor(path='.'): wm = WatchManager() mask = IN_DELETE | IN_CREATE |IN_MODIFY notifier = Notifier(wm, EventHandler()) wm.add_watch(path, mask,auto_add=True,rec=True) print 'now starting monitor %s'%(path) while True: try: notifier.process_events() if notifier.check_events(): notifier.read_events() except KeyboardInterrupt: notifier.stop() break if __name__ == "__main__": FSMonitor('/root/softpython/apk_url')
關(guān)于“Python中如何使用pyinotify日志監(jiān)控系統(tǒng)處理日志”這篇文章就分享到這里了,希望以上內(nèi)容可以對大家有一定的幫助,使各位可以學(xué)到更多知識,如果覺得文章不錯,請把它分享出去讓更多的人看到。
免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場,如果涉及侵權(quán)請聯(lián)系站長郵箱:is@yisu.com進(jìn)行舉報,并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。