溫馨提示×

溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊×
其他方式登錄
點(diǎn)擊 登錄注冊 即表示同意《億速云用戶服務(wù)條款》

Python中如何使用pyinotify日志監(jiān)控系統(tǒng)處理日志

發(fā)布時間:2021-08-09 09:24:51 來源:億速云 閱讀:145 作者:小新 欄目:開發(fā)技術(shù)

這篇文章將為大家詳細(xì)講解有關(guān)Python中如何使用pyinotify日志監(jiān)控系統(tǒng)處理日志,小編覺得挺實(shí)用的,因此分享給大家做個參考,希望大家閱讀完這篇文章后可以有所收獲。

pyinotify

Pyinotify是一個Python模塊,用來監(jiān)測文件系統(tǒng)的變化。 Pyinotify依賴于Linux內(nèi)核的功能—inotify(內(nèi)核2.6.13合并)。 inotify的是一個事件驅(qū)動的通知器,其通知接口通過三個系統(tǒng)調(diào)用從內(nèi)核空間到用戶空間。pyinotify結(jié)合這些系統(tǒng)調(diào)用,并提供一個頂級的抽象和一個通用的方式來處理這些功能。

  1. pyinotify 說百了就是通過 調(diào)用系統(tǒng)的inotify來實(shí)現(xiàn)通知的

  2. inotify 既可以監(jiān)視文件,也可以監(jiān)視目錄

  3. Inotify 使用系統(tǒng)調(diào)用而非 SIGIO 來通知文件系統(tǒng)事件。

Inotify 可以監(jiān)視的文件系統(tǒng)事件包括:

Event NameIs an EventDescription
IN_ACCESSYesfile was accessed.
IN_ATTRIBYesmetadata changed.
IN_CLOSE_NOWRITEYesunwrittable file was closed.
IN_CLOSE_WRITEYeswrittable file was closed.
IN_CREATEYesfile/dir was created in watched directory.
IN_DELETEYesfile/dir was deleted in watched directory.
IN_DELETE_SELFYes自刪除,即一個可執(zhí)行文件在執(zhí)行時刪除自己
IN_DONT_FOLLOWNodon't follow a symlink (lk 2.6.15).
IN_IGNOREDYesraised on watched item removing. Probably useless for you, prefer instead IN_DELETE*.
IN_ISDIRNoevent occurred against directory. It is always piggybacked to an event. The Event structure automatically provide this information (via .is_dir)
IN_MASK_ADDNoto update a mask without overwriting the previous value (lk 2.6.14). Useful when updating a watch.
IN_MODIFYYesfile was modified.
IN_MOVE_SELFYes自移動,即一個可執(zhí)行文件在執(zhí)行時移動自己
IN_MOVED_FROMYesfile/dir in a watched dir was moved from X. Can trace the full move of an item when IN_MOVED_TO is available too, in this case if the moved item is itself watched, its path will be updated (see IN_MOVE_SELF).
IN_MOVED_TOYesfile/dir was moved to Y in a watched dir (see IN_MOVE_FROM).
IN_ONLYDIRNoonly watch the path if it is a directory (lk 2.6.15). Usable when calling .add_watch.
IN_OPENYesfile was opened.
IN_Q_OVERFLOWYesevent queued overflowed. This event doesn't belongs to any particular watch.
IN_UNMOUNTYes宿主文件系統(tǒng)被 umount

IN_ACCESS,即文件被訪問

IN_MODIFY,文件被write

IN_ATTRIB,文件屬性被修改,如chmod、chown、touch等

IN_CLOSE_WRITE,可寫文件被close

IN_CLOSE_NOWRITE,不可寫文件被close

IN_OPEN,文件被open

IN_MOVED_FROM,文件被移走,如mv

IN_MOVED_TO,文件被移來,如mv、cp

IN_CREATE,創(chuàng)建新文件

IN_DELETE,文件被刪除,如rm

IN_DELETE_SELF,自刪除,即一個可執(zhí)行文件在執(zhí)行時刪除自己

IN_MOVE_SELF,自移動,即一個可執(zhí)行文件在執(zhí)行時移動自己

IN_UNMOUNT,宿主文件系統(tǒng)被umount

IN_CLOSE,文件被關(guān)閉,等同于(IN_CLOSE_WRITE | IN_CLOSE_NOWRITE)

IN_MOVE,文件被移動,等同于(IN_MOVED_FROM | IN_MOVED_TO)

pyinotify使用例子

#!/usr/bin/python
# coding:utf-8
import os
from pyinotify import WatchManager, Notifier,ProcessEvent,IN_DELETE, IN_CREATE,IN_MODIFY
class EventHandler(ProcessEvent):

 """事件處理"""
 def process_IN_CREATE(self, event):
 print "Create file: %s " % os.path.join(event.path,event.name)

 def process_IN_DELETE(self, event):
 print "Delete file: %s " % os.path.join(event.path,event.name)

 def process_IN_MODIFY(self, event):
 print "Modify file: %s " % os.path.join(event.path,event.name)
 

def FSMonitor(path='.'):
 wm = WatchManager() 
 mask = IN_DELETE | IN_CREATE |IN_MODIFY
 notifier = Notifier(wm, EventHandler())
 wm.add_watch(path, mask,auto_add=True,rec=True)
 print 'now starting monitor %s'%(path)
 while True:
 try:
  notifier.process_events()
  if notifier.check_events():
  notifier.read_events()
 except KeyboardInterrupt:
  notifier.stop()
  break
if __name__ == "__main__":
 FSMonitor('/root/softpython/apk_url')

關(guān)于“Python中如何使用pyinotify日志監(jiān)控系統(tǒng)處理日志”這篇文章就分享到這里了,希望以上內(nèi)容可以對大家有一定的幫助,使各位可以學(xué)到更多知識,如果覺得文章不錯,請把它分享出去讓更多的人看到。

向AI問一下細(xì)節(jié)

免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場,如果涉及侵權(quán)請聯(lián)系站長郵箱:is@yisu.com進(jìn)行舉報,并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。

AI