1

Do we have a tool that can track file level changes at a user level for a directory?

To further add,

My requirement is this -

This is the directory i would like to track /var/lib/docker/volumes/shared/_data -

Any changes to any files inside this folder should be tracked & logged. At some point of time, i would like to see who changed which file inside this. Will your code help achieve this?

How easy it is to view the expected output(user who changed/file that was changed/what was changed)?

Geek Favour
  • 19

1 Answers1

5

Yes -

inotifywait - wait for changes to files using inotify

Example:

while inotifywait -e modify /var/log/my_log; do
  if tail -n1 /var/log/my_log | grep error; then
    write_email_to_support
  fi
done

For your specific use case you can use -m (monitor) or -d (daemon, same as monitor, but run in background) and output (-o) to some log file:

#!/bin/bash
inotifywait -e create,modify -m /var/lib/docker/volumes/shared/_data -o /var/log/shared_data_log
  • Add -r to make inotfiywait watch changes recursively
  • You can use --format ... to specify an output format.
  • It is not possible to see who create or changed a file. That is a limitation of the file system.

See man inotifywait for more options.

pLumo
  • 26,947
  • Who created/Edited a file is an important thing that i am looking for in this requirement. Do you recommend any other UI based tools? This code that you have shared works great. Just tested it out. CREATE/MODIFY it displays great. – Geek Favour Sep 17 '21 at 07:46
  • It is simply not possible to know created / modified a file. You can know the owner, but that does not mean anything. – pLumo Sep 17 '21 at 08:24