A script to monitor files in AIX (Unix)

I have a folder that has 4 files in it. At some random time, a process deletes one of the files. I do not know the process that is doing it and I want to narrow down a few things..

I want to:

Scan the files based on a cron job.
If a file is missing, possible log process that are running to a file.
Send a email to a user or two saying that file is missing

I will use a smtp server that is on a diffrent system.

Operating system is AIX 6.1
JCS_UnlimitedAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JCS_UnlimitedAuthor Commented:
Although this may work. I do not have high enough rights to configure it.

I was hoping for something independent.
0
woolmilkporcCommented:
Hi,

counting files, sending email if one or more are missing, and listing processes is not that difficult, yet I doubt that this will really help you.

Anyway, you could simply do this (assuming there must be at the minimum 4 files in /folder):

[ $(ls /folder | wc -l) -lt 4 ] && ps -ef | mailx -s "File(s) missing in /folder !" recipient@domain.tld

This will send the process list in the email body.

As for running the above every minute via cron, issue "crontab -e" and add the line

* * * * * [ $(ls /folder | wc -l) -lt 4 ]  && ps -ef | mailx -s "File(s) missing in /folder !"  recipient@domain.tld

Since ls, wc, ps and mailx are all in /usr/bin - no need to add full paths.

Please take note that once a file is missing, you will get an email every minute!

As for the smtp server - is this server known to your local sendmail system?

If not, and if the server is in a different domain, modify the DS entry in /etc/sendmail.cf, else if the server is in the same domain, modify the DH entry:

DS smtp:smtpserver.domain.tld
or

DH smtp:smtpserver.$m

Don't forget to refrsh the sendmail daemon:

refresh -s sendmail

Good luck!

wmp






0
Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

shajithchandranCommented:
why dont you try probevue. You can put a probe on unlink system call. If the file name passed to unlink matches your file name, log the pid and ppid of the process. If the process directly called unlink, you can get the pid to get the process. If the process has executed rm command, then ppid will get the your process.
0
woolmilkporcCommented:
@shajithchandran,
the author wrote in http:#a29362032 "I do not have high enough rights to configure it"
If he/she doesn't have enough privileges to configure auditing, I'm rather sure that there will be no chance to run probevue!
wmp
 
0
JCS_UnlimitedAuthor Commented:

Sorry, I thought I closed this question

I ended up using Rowley's link, although it took me a few weeks to get through the red tape.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
System Programming

From novice to tech pro — start learning today.