這篇文章將為大家詳細(xì)講解有關(guān)Python中如何使用pyinotify日志監(jiān)控系統(tǒng)處理日志，小編覺得挺實(shí)用的，因此分享給大家做個(gè)參考，希望大家閱讀完這篇文章后可以有所收獲。

從網(wǎng)站建設(shè)到定制行業(yè)解決方案，為提供網(wǎng)站設(shè)計(jì)、成都網(wǎng)站建設(shè)服務(wù)體系，各種行業(yè)企業(yè)客戶提供網(wǎng)站建設(shè)解決方案，助力業(yè)務(wù)快速發(fā)展。創(chuàng)新互聯(lián)將不斷加快創(chuàng)新步伐，提供優(yōu)質(zhì)的建站服務(wù)。

pyinotify

Pyinotify是一個(gè)Python模塊，用來監(jiān)測(cè)文件系統(tǒng)的變化。 Pyinotify依賴于Linux內(nèi)核的功能—inotify（內(nèi)核2.6.13合并）。 inotify的是一個(gè)事件驅(qū)動(dòng)的通知器，其通知接口通過三個(gè)系統(tǒng)調(diào)用從內(nèi)核空間到用戶空間。pyinotify結(jié)合這些系統(tǒng)調(diào)用，并提供一個(gè)頂級(jí)的抽象和一個(gè)通用的方式來處理這些功能。

1. pyinotify 說百了就是通過 調(diào)用系統(tǒng)的inotify來實(shí)現(xiàn)通知的

2. inotify 既可以監(jiān)視文件，也可以監(jiān)視目錄

3. Inotify 使用系統(tǒng)調(diào)用而非 SIGIO 來通知文件系統(tǒng)事件。

Inotify 可以監(jiān)視的文件系統(tǒng)事件包括：

Event Name	Is an Event	Description
IN_ACCESS	Yes	file was accessed.
IN_ATTRIB	Yes	metadata changed.
IN_CLOSE_NOWRITE	Yes	unwrittable file was closed.
IN_CLOSE_WRITE	Yes	writtable file was closed.
IN_CREATE	Yes	file/dir was created in watched directory.
IN_DELETE	Yes	file/dir was deleted in watched directory.
IN_DELETE_SELF	Yes	自刪除，即一個(gè)可執(zhí)行文件在執(zhí)行時(shí)刪除自己
IN_DONT_FOLLOW	No	don't follow a symlink (lk 2.6.15).
IN_IGNORED	Yes	raised on watched item removing. Probably useless for you, prefer instead IN_DELETE*.
IN_ISDIR	No	event occurred against directory. It is always piggybacked to an event. The Event structure automatically provide this information (via .is_dir)
IN_MASK_ADD	No	to update a mask without overwriting the previous value (lk 2.6.14). Useful when updating a watch.
IN_MODIFY	Yes	file was modified.
IN_MOVE_SELF	Yes	自移動(dòng)，即一個(gè)可執(zhí)行文件在執(zhí)行時(shí)移動(dòng)自己
IN_MOVED_FROM	Yes	file/dir in a watched dir was moved from X. Can trace the full move of an item when IN_MOVED_TO is available too, in this case if the moved item is itself watched, its path will be updated (see IN_MOVE_SELF).
IN_MOVED_TO	Yes	file/dir was moved to Y in a watched dir (see IN_MOVE_FROM).
IN_ONLYDIR	No	only watch the path if it is a directory (lk 2.6.15). Usable when calling .add_watch.
IN_OPEN	Yes	file was opened.
IN_Q_OVERFLOW	Yes	event queued overflowed. This event doesn't belongs to any particular watch.
IN_UNMOUNT	Yes	宿主文件系統(tǒng)被 umount

IN_ACCESS，即文件被訪問

IN_MODIFY，文件被write

IN_ATTRIB，文件屬性被修改，如chmod、chown、touch等

IN_CLOSE_WRITE，可寫文件被close

IN_CLOSE_NOWRITE，不可寫文件被close

IN_OPEN，文件被open

IN_MOVED_FROM，文件被移走,如mv

IN_MOVED_TO，文件被移來，如mv、cp

IN_CREATE，創(chuàng)建新文件

IN_DELETE，文件被刪除，如rm

IN_DELETE_SELF，自刪除，即一個(gè)可執(zhí)行文件在執(zhí)行時(shí)刪除自己

IN_MOVE_SELF，自移動(dòng)，即一個(gè)可執(zhí)行文件在執(zhí)行時(shí)移動(dòng)自己

IN_UNMOUNT，宿主文件系統(tǒng)被umount

IN_CLOSE，文件被關(guān)閉，等同于(IN_CLOSE_WRITE | IN_CLOSE_NOWRITE)

IN_MOVE，文件被移動(dòng)，等同于(IN_MOVED_FROM | IN_MOVED_TO)

pyinotify使用例子

#!/usr/bin/python
# coding:utf-8
import os
from pyinotify import WatchManager, Notifier,ProcessEvent,IN_DELETE, IN_CREATE,IN_MODIFY
class EventHandler(ProcessEvent):

 """事件處理"""
 def process_IN_CREATE(self, event):
 print "Create file: %s " % os.path.join(event.path,event.name)

 def process_IN_DELETE(self, event):
 print "Delete file: %s " % os.path.join(event.path,event.name)

 def process_IN_MODIFY(self, event):
 print "Modify file: %s " % os.path.join(event.path,event.name)
 

def FSMonitor(path='.'):
 wm = WatchManager() 
 mask = IN_DELETE | IN_CREATE |IN_MODIFY
 notifier = Notifier(wm, EventHandler())
 wm.add_watch(path, mask,auto_add=True,rec=True)
 print 'now starting monitor %s'%(path)
 while True:
 try:
  notifier.process_events()
  if notifier.check_events():
  notifier.read_events()
 except KeyboardInterrupt:
  notifier.stop()
  break
if __name__ == "__main__":
 FSMonitor('/root/softpython/apk_url')

關(guān)于“Python中如何使用pyinotify日志監(jiān)控系統(tǒng)處理日志”這篇文章就分享到這里了，希望以上內(nèi)容可以對(duì)大家有一定的幫助，使各位可以學(xué)到更多知識(shí)，如果覺得文章不錯(cuò)，請(qǐng)把它分享出去讓更多的人看到。

網(wǎng)頁題目：Python中如何使用pyinotify日志監(jiān)控系統(tǒng)處理日志-創(chuàng)新互聯(lián)
新聞來源：http://weahome.cn/article/gsoei.html