A script to monitor files in AIX (Unix)

I have a folder that has 4 files in it. At some random time, a process deletes one of the files. I do not know the process that is doing it and I want to narrow down a few things..

I want to:

Scan the files based on a cron job.
If a file is missing, possible log process that are running to a file.
Send a email to a user or two saying that file is missing

I will use a smtp server that is on a diffrent system.

Operating system is AIX 6.1
JCS_UnlimitedAsked:
Who is Participating?
 
JCS_UnlimitedAuthor Commented:
Although this may work. I do not have high enough rights to configure it.

I was hoping for something independent.
0
 
woolmilkporcCommented:
Hi,

counting files, sending email if one or more are missing, and listing processes is not that difficult, yet I doubt that this will really help you.

Anyway, you could simply do this (assuming there must be at the minimum 4 files in /folder):

[ $(ls /folder | wc -l) -lt 4 ] && ps -ef | mailx -s "File(s) missing in /folder !" recipient@domain.tld

This will send the process list in the email body.

As for running the above every minute via cron, issue "crontab -e" and add the line

* * * * * [ $(ls /folder | wc -l) -lt 4 ]  && ps -ef | mailx -s "File(s) missing in /folder !"  recipient@domain.tld

Since ls, wc, ps and mailx are all in /usr/bin - no need to add full paths.

Please take note that once a file is missing, you will get an email every minute!

As for the smtp server - is this server known to your local sendmail system?

If not, and if the server is in a different domain, modify the DS entry in /etc/sendmail.cf, else if the server is in the same domain, modify the DH entry:

DS smtp:smtpserver.domain.tld
or

DH smtp:smtpserver.$m

Don't forget to refrsh the sendmail daemon:

refresh -s sendmail

Good luck!

wmp






0
2018 Annual Membership Survey

Here at Experts Exchange, we strive to give members the best experience. Help us improve the site by taking this survey today! (Bonus: Be entered to win a great tech prize for participating!)

 
shajithchandranCommented:
why dont you try probevue. You can put a probe on unlink system call. If the file name passed to unlink matches your file name, log the pid and ppid of the process. If the process directly called unlink, you can get the pid to get the process. If the process has executed rm command, then ppid will get the your process.
0
 
woolmilkporcCommented:
@shajithchandran,
the author wrote in http:#a29362032 "I do not have high enough rights to configure it"
If he/she doesn't have enough privileges to configure auditing, I'm rather sure that there will be no chance to run probevue!
wmp
 
0
 
JCS_UnlimitedAuthor Commented:

Sorry, I thought I closed this question

I ended up using Rowley's link, although it took me a few weeks to get through the red tape.
0
All Courses

From novice to tech pro — start learning today.