Solved

File::Monitor multifunction PERL script

Posted on 2007-04-03
7
2,924 Views
Last Modified: 2007-10-18
Follow up to previous question...

I got a great script from Clockwatcher and want to modify it so that it returns not just files added and deleted to the directory, but if existing files have changed since the initial scan.  I need the name of the file that changed as a return value,

Here is what I started with:

use File::Monitor;

my $monitor = File::Monitor->new();

$monitor->watch( {
        name        => 'c:/logs',
        callback    => \&SomethingHappened,
      files => 1
      }
    );
   

$monitor->scan();

for ($i=0; $i < 10; $i++)
{
      $monitor->scan();    
      sleep 10;
}

sub SomethingHappened
{
      my ($name, $event, $change) = @_;

      my @adds = $change->files_created;
      my @dels = $change->files_deleted;

      print "Added: ".join("\nAdded: ", @adds)."\n" if @adds;
      print "Removed: ".join("\nRemoved: ", @dels)."\n" if @dels;

}

I have tried variations of the line:
my @mods = $change(mtime);  but haven't had any luck.
0
Comment
Question by:itcs-css
  • 4
  • 2
7 Comments
 
LVL 84

Assisted Solution

by:ozo
ozo earned 200 total points
ID: 18846508
print "Time changed: $name\n" if $change->is_time;
0
 
LVL 1

Author Comment

by:itcs-css
ID: 18846739
Ozo...

The comment helps me start to understand how to call this function.  But adding this only works to add another print line for added or deleted files.

clockwatchers script is pretty specifically for watching one directory...what I need is a way to watch the files inside without knowing ahead of time which files are in there at the start of the monitor.
0
 
LVL 84

Expert Comment

by:ozo
ID: 18846916
If you are monitoring files addeed and removed, then you know at all times which files are  in there
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 1

Author Comment

by:itcs-css
ID: 18846993
Sorry for not being clear on this.

I need to watch for 2 separate events...

a file is added or removed from the directory (clockwatcher's cover this perfectly)

a file that existed when the monitor was set has been updated with a config change (the mtime change is what I think will work for this)

What I see when I add the line above only seems to take effect on the added or deleted files.  I think my logic here is off in reading the File::Monitor docs.  It seems like an either/or directory or files function and not both.

Am I wrong in that aspect?
0
 
LVL 17

Accepted Solution

by:
mjcoyne earned 300 total points
ID: 18847408
I don't have this module to check this out, but by reading the docs for File::Monitor::Delta (see http://search.cpan.org/~andya/File-Monitor-v0.0.5/lib/File/Monitor/Delta.pm), it looks as though if you add:

my @filestats = $change->is_metadata;

and:

print "Changed: ".join("\nChanged: ", @filestats)."\n" if @filestats;

you should be able to detect changes in the metadata of the file, which includes mtime, ctime, uid, gid and mode.
0
 
LVL 1

Author Comment

by:itcs-css
ID: 18850865
mjcoyne...

I tried a few variations on that theme, but I only ever get "Changed" reports when a new file is added or an existing file is deleted and not any changes when existing files are modified.

I suspect it has to do with the explicit files => 1 in the given script, but taking it out doesn't seem to matter.  There seems to be a missing example in the docs on how something in here works.  :(
0
 
LVL 1

Author Comment

by:itcs-css
ID: 18851736
It isn't pretty but this works by establishing multiple monitors that respond to the same looped scan...Now I just have to make it output the hash value in something human readable and I'll be on my way.

use File::Monitor;
use File::Monitor::Object;

my $monitor = File::Monitor->new();

chdir 'c:\\temp';
$temp = 'c:\\temp';

opendir DIR, $temp;
while ($file = readdir DIR) {
  next if $file =~ /^\./;
  push @files, $file;
}

#watch the files in the directory for changes
foreach (@files) {
$monitor->watch("$_", sub {
    my ($name, $event, $change) = @_;
    print "$name : $change \n";
    });
}

#Watch the directory for changes
$monitor->watch( {
        name        => "$temp",
        recurse     => 1,
        callback    => \&Test,
    } );

$monitor->scan;

for ($i=0; $i < 100; $i++)
{
      my @changes = $monitor->scan;  
      sleep 5;
}

sub Test
{
      my ($name, $event, $change) = @_;

      my @adds = $change->files_created;
      my @dels = $change->files_deleted;
     
      print "Added: ".join("\nAdded: ", @adds)."\n" if @adds;
      print "Removed: ".join("\nRemoved: ", @dels)."\n" if @dels;
}

0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

On Microsoft Windows, if  when you click or type the name of a .pl file, you get an error "is not recognized as an internal or external command, operable program or batch file", then this means you do not have the .pl file extension associated with …
In the distant past (last year) I hacked together a little toy that would allow a couple of Manager types to query, preview, and extract data from a number of MongoDB instances, to their tool of choice: Excel (http://dilbert.com/strips/comic/2007-08…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now