It is an honor to be featured in Gartner 2019 Magic Quadrant for Datacenter Backup and Recovery Solutions. Gartner’s MQ sets a high standard and earning a place on their grid is a great affirmation that Acronis is delivering on our mission to protect all data, apps, and systems.
Linux shell script to monitor changed files
Hi,
I am trying to write a shell script to monitor file changes in Red hat linux but had some problems.
=============filemod.sh===
#!/bin/bash
dir=/
freq='-1'
email=me@domain.com
udate=`date +%y-%m-%d`
utime=`date +%H:%M`
check=`find $dir -mtime $freq -type f -exec ls -lh {} \;`
count=`cat $check | wc -l`
if [ $count -gt 0 ]
then
sub="Attention! $count File Modified on $udate at $utime"
echo `cat $check` | mail -s "$sub" $email
else
echo "no files were modified on $udate at $utime
fi
fi
I have problems to execute the script. Can someone please optimize it or correct it. I need this report should email on dialy basis for every day (so may be -1 should ok?) and also use cron for this
thanks
I am trying to write a shell script to monitor file changes in Red hat linux but had some problems.
=============filemod.sh===
#!/bin/bash
dir=/
freq='-1'
email=me@domain.com
udate=`date +%y-%m-%d`
utime=`date +%H:%M`
check=`find $dir -mtime $freq -type f -exec ls -lh {} \;`
count=`cat $check | wc -l`
if [ $count -gt 0 ]
then
sub="Attention! $count File Modified on $udate at $utime"
echo `cat $check` | mail -s "$sub" $email
else
echo "no files were modified on $udate at $utime
fi
fi
I have problems to execute the script. Can someone please optimize it or correct it. I need this report should email on dialy basis for every day (so may be -1 should ok?) and also use cron for this
thanks
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
find: /proc/5412/task/5412/fd/4:
find: /proc/5412/fd/4: No such file or directory
./file-mod.sh: line 9: /bin/cat: Argument list too long
./file-mod.sh: line 16: unexpected EOF while looking for matching `"'
./file-mod.sh: line 19: syntax error: unexpected end of file
find: /proc/5412/fd/4: No such file or directory
./file-mod.sh: line 9: /bin/cat: Argument list too long
./file-mod.sh: line 16: unexpected EOF while looking for matching `"'
./file-mod.sh: line 19: syntax error: unexpected end of file
The first 2 errors are from transitory files that only exist for milliseconds, so have disappered, you can ignore these.
Cat error on line 9 - obviously you are generating an enormous list of file where modified in the last day (probably every log file, database file etc). Cat just cannot handle this huge volume of text.
line 16
echo "no files were modified on $udate at $utime
should be
echo "no files were modified on $udate at $utime"
Cat error on line 9 - obviously you are generating an enormous list of file where modified in the last day (probably every log file, database file etc). Cat just cannot handle this huge volume of text.
line 16
echo "no files were modified on $udate at $utime
should be
echo "no files were modified on $udate at $utime"
#!/bin/bash
dir=/
freq='-1'
email=me@domain.com
logfile="/path/to/logfile"
udate=`date +%y-%m-%d`
utime=`date +%H:%M`
check=`find $dir -mtime $freq -type f -exec ls -lh {} \; 2>/dev/null`
count=`echo $check | wc -l`
if [ $count -gt 0 ]
then
sub="Attention! $count File Modified on $udate at $utime"
echo $check | mail -s "$sub" $email
echo "$sub" >> $logfile
else
echo "no files were modified on $udate at $utime" >> $logfile
fi
I added writing to a logfile because cron doesn't really like commands writing to stdout/stderr (will send the output to the owner of the crontab per email).
Run the script via cron at 8:00 A.M.:
0 8 * * * /path/to/script >/dev/null 2>&1
dir=/
freq='-1'
email=me@domain.com
logfile="/path/to/logfile"
udate=`date +%y-%m-%d`
utime=`date +%H:%M`
check=`find $dir -mtime $freq -type f -exec ls -lh {} \; 2>/dev/null`
count=`echo $check | wc -l`
if [ $count -gt 0 ]
then
sub="Attention! $count File Modified on $udate at $utime"
echo $check | mail -s "$sub" $email
echo "$sub" >> $logfile
else
echo "no files were modified on $udate at $utime" >> $logfile
fi
I added writing to a logfile because cron doesn't really like commands writing to stdout/stderr (will send the output to the owner of the crontab per email).
Run the script via cron at 8:00 A.M.:
0 8 * * * /path/to/script >/dev/null 2>&1
Thanks. It looks to be working. But the Email I got with weird text init. Here is the example
1 root root 0 May 16 06:39 /proc/kallsyms -r--r--r-- 1 root r!
oot 0 Ma
y 16 06:39 /proc/dma -r--r--r-- 1 root root 0 May 16 06:39 /proc/iomem -r--r--r-- 1 root root 0 May 16 06:39 /proc/ioports -r--r--r-- 1 root root 0 May 16 06:39 /proc/misc -r--r--r-- 1 root root 0 May 16 06:39 /proc/acpi/button/power/PW
0 May 16 06:39 /proc/acpi/processor/CPU3/
9 /proc/acpi/dsdt -r--r--r-- 1 root root 0 May 16 06:39 /proc/!
acpi/inf
o -r--r--r-- 1 root root 0 May 16 06:39 /proc/fb -rw------- 1 root root 0 May 16 06:39 /proc/irq/98/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/90/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/82/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/74/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/15/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/14/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/13/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/12/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/11/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/10/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/9/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/8/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/7/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/6/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/!
5/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/4/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/3/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/2/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/1/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/0/smp_affinity -rw-r--r-- 1 root root 256 May 16 06:39 /proc/bus/pci/01/04.6 -rw-r--r-- 1 root root 256 May 16 06:39 /proc/bus/pci/01/04.4 -rw-r--r-- 1 root root 256 May 16 06:39 /proc/bus/pci/01/04.2 -rw-r--r-- 1 root root 256 May 16 06:39 /proc/bus/pci/01/04.0 -rw-r--r-- 1 root root 256 May 16 06:39 /proc/bus/pci/03/04.1 -rw-r--r-- 1 root root 256 May 16 06:39 /proc/bus/pci/03/04.0 -rw-r--r-- 1 root root 256 May 16 06:39 /proc/bus/pci/02/00.0 -rw-r--r-- 1 root root 256 May 16 06:39 /proc/bus/pci/00/1f.5 -rw-r--r-- 1 root root 256 May 16 06:39 /proc/bus/pci/00/1f.2 -rw-r--r-- 1 root root 256 May 16 06:39 /proc/bus/pci/00/1f.0 -rw-r--r-- 1 root root 256 May 16 06:3!
9 /proc/bus/pci/00/1e.0 -rw-r--r-- 1 root root 256 May 16 06:3!
9 /proc/
How can we make this to a proper alignment? like copying the whole data to a text file and then read from it??
thanks
1 root root 0 May 16 06:39 /proc/kallsyms -r--r--r-- 1 root r!
oot 0 Ma
y 16 06:39 /proc/dma -r--r--r-- 1 root root 0 May 16 06:39 /proc/iomem -r--r--r-- 1 root root 0 May 16 06:39 /proc/ioports -r--r--r-- 1 root root 0 May 16 06:39 /proc/misc -r--r--r-- 1 root root 0 May 16 06:39 /proc/acpi/button/power/PW
0 May 16 06:39 /proc/acpi/processor/CPU3/
9 /proc/acpi/dsdt -r--r--r-- 1 root root 0 May 16 06:39 /proc/!
acpi/inf
o -r--r--r-- 1 root root 0 May 16 06:39 /proc/fb -rw------- 1 root root 0 May 16 06:39 /proc/irq/98/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/90/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/82/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/74/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/15/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/14/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/13/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/12/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/11/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/10/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/9/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/8/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/7/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/6/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/!
5/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/4/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/3/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/2/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/1/smp_affinity -rw------- 1 root root 0 May 16 06:39 /proc/irq/0/smp_affinity -rw-r--r-- 1 root root 256 May 16 06:39 /proc/bus/pci/01/04.6 -rw-r--r-- 1 root root 256 May 16 06:39 /proc/bus/pci/01/04.4 -rw-r--r-- 1 root root 256 May 16 06:39 /proc/bus/pci/01/04.2 -rw-r--r-- 1 root root 256 May 16 06:39 /proc/bus/pci/01/04.0 -rw-r--r-- 1 root root 256 May 16 06:39 /proc/bus/pci/03/04.1 -rw-r--r-- 1 root root 256 May 16 06:39 /proc/bus/pci/03/04.0 -rw-r--r-- 1 root root 256 May 16 06:39 /proc/bus/pci/02/00.0 -rw-r--r-- 1 root root 256 May 16 06:39 /proc/bus/pci/00/1f.5 -rw-r--r-- 1 root root 256 May 16 06:39 /proc/bus/pci/00/1f.2 -rw-r--r-- 1 root root 256 May 16 06:39 /proc/bus/pci/00/1f.0 -rw-r--r-- 1 root root 256 May 16 06:3!
9 /proc/bus/pci/00/1e.0 -rw-r--r-- 1 root root 256 May 16 06:3!
9 /proc/
How can we make this to a proper alignment? like copying the whole data to a text file and then read from it??
thanks
Sorry, I overlooked these:
...
count=`echo "$check" | wc -l`
...
echo "$check" | mail -s "$sub" $email
It's a matter of the quotation marks around "$check". They're needed to preserve the linefeeds!
...
count=`echo "$check" | wc -l`
...
echo "$check" | mail -s "$sub" $email
It's a matter of the quotation marks around "$check". They're needed to preserve the linefeeds!
awesome, its looks great now. Last question, the above output gives me around 37858 files were modified for a day. Is there anyway to look only certain specified folders or file systems like
dir=/etc
dir=/opt
dir=/var
can we search for files only in above directories with the above script?
woolmilkporc, thanks for helping
thanks
dir=/etc
dir=/opt
dir=/var
can we search for files only in above directories with the above script?
woolmilkporc, thanks for helping
thanks
Yes, of course.
Change
dir=/
to
dir="/etc /opt /var"
to search all three dirs. "find" can work on more than one path in one run.
wmp
Change
dir=/
to
dir="/etc /opt /var"
to search all three dirs. "find" can work on more than one path in one run.
wmp
Premium Content
You need an Expert Office subscription to comment.Start Free Trial