mg4377娱乐娱城官网_mg4377娱乐手机版_www.mg4377.com

Python日志监控,pyinotify日志监察和控制体系管理

时间:2019-06-01 22:09来源:mg4377娱乐手机版
前言 Python pyinotify日志监察和控制系统处理日志的点子,pythonpyinotify 前言 新近项目中相遇三个用于监控日志文件的Python包pyinotify,结合本身的体系经验和网络的1部分素材计算一下,总

前言

Python pyinotify日志监察和控制系统处理日志的点子,pythonpyinotify

前言

新近项目中相遇三个用于监控日志文件的Python包pyinotify,结合本身的体系经验和网络的1部分素材计算一下,总的原理是选取pyinotify模块监控日志文件夹,当日志到来的情形下,触发相应的函数进行管理,管理实现后删除日志文件的进程,下边就主要介绍下pyinotify

pyinotify

Python日志监控,pyinotify日志监察和控制体系管理日志的方法。Pyinotify是叁个Python模块,用来监测文件系统的成形。 Pyinotify正视于Linux内核的效率—inotify(内核2.6.1三联合)。 inotify的是3个事件驱动的公告器,其打招呼接口通过多少个连串调用从基础空间到用户空间。pyinotify结合这么些系统调用,并提供三个伍星级的聊以自慰和贰个通用的点子来拍卖那么些职能。

  1. pyinotify 说百了尽管通过 调用系统的inotify来完成公告的
  2. inotify 既能够监视文件,也能够监视目录
  3. Inotify 使用系统调用而非 SIGIO 来布告文件系统事件。

Inotify 能够监视的文件系统事件包蕴:

Event Name Is an Event Description
IN_ACCESS Yes file was accessed.
IN_ATTRIB Yes metadata changed.
IN_CLOSE_NOWRITE Yes unwrittable file was closed.
IN_CLOSE_WRITE Yes writtable file was closed.
IN_CREATE Yes file/dir was created in watched directory.
IN_DELETE Yes file/dir was deleted in watched directory.
IN_DELETE_SELF Yes 自删除,即一个可执行文件在执行时删除自己
IN_DONT_FOLLOW No don't follow a symlink (lk 2.6.15).
IN_IGNORED Yes raised on watched item removing. Probably useless for you, prefer instead IN_DELETE*.
IN_ISDIR No event occurred against directory. It is always piggybacked to an event. The Event structure automatically provide this information (via .is_dir)
IN_MASK_ADD No to update a mask without overwriting the previous value (lk 2.6.14). Useful when updating a watch.
IN_MODIFY Yes file was modified.
IN_MOVE_SELF Yes 自移动,即一个可执行文件在执行时移动自己
IN_MOVED_FROM Yes file/dir in a watched dir was moved from X. Can trace the full move of an item when IN_MOVED_TO is available too, in this case if the moved item is itself watched, its path will be updated (see IN_MOVE_SELF).
IN_MOVED_TO Yes file/dir was moved to Y in a watched dir (see IN_MOVE_FROM).
IN_ONLYDIR No only watch the path if it is a directory (lk 2.6.15). Usable when calling .add_watch.
IN_OPEN Yes file was opened.
IN_Q_OVERFLOW Yes event queued overflowed. This event doesn't belongs to any particular watch.
IN_UNMOUNT Yes 宿主文件系统被 umount

IN_ACCESS,即文件被访问

IN_MODIFY,文件被write

IN_ATT奥迪Q三IB,文件属性被改换,如chmod、chown、touch等

IN_CLOSE_W索罗德ITE,可写文件被close

IN_CLOSE_NOWPAJEROITE,不可写文件被close

IN_OPEN,文件被open

IN_MOVED_FROM,文件被移走,如mv

IN_MOVED_TO,文件被移来,如mv、cp

IN_CREATE,创设新文件

IN_DELETE,文件被去除,如rm

IN_DELETE_SELF,自删除,即1个可实践文件在实践时去除自身

IN_MOVE_SELF,自活动,即3个可施行文件在实行时移动自个儿

IN_UNMOUNT,宿主文件系统被umount

IN_CLOSE,文件被关闭,等同于(IN_CLOSE_WRITE | IN_CLOSE_NOWRITE)

IN_MOVE,文件被挪动,等同于(IN_MOVED_FROM | IN_MOVED_TO)

pyinotify使用例子

#!/usr/bin/python
# coding:utf-8
import os
from pyinotify import WatchManager, Notifier,ProcessEvent,IN_DELETE, IN_CREATE,IN_MODIFY
class EventHandler(ProcessEvent):

 """事件处理"""
 def process_IN_CREATE(self, event):
 print "Create file: %s " % os.path.join(event.path,event.name)

 def process_IN_DELETE(self, event):
 print "Delete file: %s " % os.path.join(event.path,event.name)

 def process_IN_MODIFY(self, event):
 print "Modify file: %s " % os.path.join(event.path,event.name)


def FSMonitor(path='.'):
 wm = WatchManager() 
 mask = IN_DELETE | IN_CREATE |IN_MODIFY
 notifier = Notifier(wm, EventHandler())
 wm.add_watch(path, mask,auto_add=True,rec=True)
 print 'now starting monitor %s'%(path)
 while True:
 try:
  notifier.process_events()
  if notifier.check_events():
  notifier.read_events()
 except KeyboardInterrupt:
  notifier.stop()
  break
if __name__ == "__main__":
 FSMonitor('/root/softpython/apk_url') 

以上正是本文的全部内容,希望对大家的求学抱有协理,也期望我们多多帮衬帮客之家。

pyinotify日志监察和控制系统管理日志的法子,pythonpyinotify 前言 近来项目中相遇二个用来监察和控制日志文件的Python包pyinotify,结合自个儿的体系经验...

前言

不久前项目中蒙受1个用以监察和控制日志文件的Python包pyinotify,结合本人的品种经验和英特网的有的材质总结一下,总的原理是使用pyinotify模块监察和控制日志文件夹,当日志到来的情景下,触发相应的函数举办管理,管理完成后去除日志文件的历程,上面就重视介绍下pyinotify

Python日志监察和控制(发音版)

图片 1

上个月有心上人让补助做1个日记监控的台本,供给如下:

  • 1.windows环境
  • 贰.当匹配日志关键字时会发出声音,相称的机要字差异,播放的声响分裂
  • 3.能做到实时响应

于是乎从网上找了个windows版的tail,使用python轻巧写了个小本子,代码如下:

图片 2

#!/usr/bin/env python# encoding: utf-8"""MonitorLog.pyUsage: MonitorLog.py ...Monitor the log file-f  log file-h  help infopython MonitorLog.py -f C:monitor.logCreated by zhoubo on 2011-08-29."""import sysimport osimport getoptimport subprocessimport timeimport codecsimport winsoundABSPATH = os.path.dirname(os.path.abspath(__file__))MONITERCONF = 'moniter_keyword.txt' #utf8 filedef main():    try:        opts, args = getopt.getopt(sys.argv[1:], 'hf:')    except getopt.GetoptError, err:        print str(err)        print __doc__        return 1        path = ''    for k, v in opts:        if k == '-f':            path = v        elif k == '-h':            print __doc__            return 0    if not (path and os.path.exists(path)):        print 'Invalid path: %s' % path         print __doc__        return 2        #命令行元组    cmd = ('tail', '-f', path)    print ' '.join(cmd)    output = subprocess.Popen(cmd, stdout=subprocess.PIPE)        keywordMap = {}    #加载监控的关键字信息    with codecs.open(os.path.join(ABSPATH, MONITERCONF), 'r', 'utf8') as f:        lines = f.readlines()    for line in lines:        line = line.strip()        if not line:            continue        keyword, wav = line.strip().split(':')        keywordMap[keyword] = wav        while True:        line = output.stdout.readline()        #process code,得到输出信息后的处理代码        if not line:            time.sleep(0.01)            continue        line = line.strip().decode('utf8')        print line        for keyword in keywordMap:            if line.find(keyword) > -1:                winsound.PlaySound(keywordMap[keyword],                                    winsound.SND_NODEFAULT)        #time.sleep(0.01)    return 0if __name__ == '__main__':    sys.exit(main())

图片 3

其中moniter_keyword.txt格式为keyword:sound.wav 示例文件如下:

192.168.8.84:1.wavsha1:3.wavdownload:2.wav

后一个月有对象让支持做八个日记监控的台本,须要如下: 一.windows遭受贰.当相称日志关键字时会发出声音,相称...

不久前项目中遇见二个用以监察和控制日志文件的Python包pyinotify,结合自身的品种经验和互连网的壹部分质地总括一下,总的原理是使用pyinotify模块监察和控制日志文件夹,当日志到来的情状下,触发相应的函数举办拍卖,管理达成后删除日志文件的历程,上面就首要介绍下pyinotify

pyinotify

Pyinotify是1个Python模块,用来监测文件系统的扭转。 Pyinotify依赖于Linux内核的功能—inotify(内核贰.陆.一三统一)。 inotify的是一个事件驱动的文告器,其照管接口通过四个系统调用从水源空间到用户空间。pyinotify结合那一个种类调用,并提供1个一品的空洞和叁个通用的章程来管理那个功用。

  • pyinotify 说百了不畏经过 调用系统的inotify来完结公告的
  • inotify 既能够监视文件,也足以监视目录
  • Inotify 使用系统调用而非 SIGIO 来打招呼文件系统事件。

pyinotify

Inotify 能够监视的文件系统事件蕴涵:

Event Name Is an Event Description
IN_ACCESS Yes file was accessed.
IN_ATTRIB Yes metadata changed.
IN_CLOSE_NOWRITE Yes unwrittable file was closed.
IN_CLOSE_WRITE Yes writtable file was closed.
IN_CREATE Yes file/dir was created in watched directory.
IN_DELETE Yes file/dir was deleted in watched directory.
IN_DELETE_SELF Yes 自删除,即一个可执行文件在执行时删除自己
IN_DONT_FOLLOW No don't follow a symlink (lk 2.6.15).
IN_IGNORED Yes raised on watched item removing. Probably useless for you, prefer instead IN_DELETE*.
IN_ISDIR No event occurred against directory. It is always piggybacked to an event. The Event structure automatically provide this information (via .is_dir)
IN_MASK_ADD No to update a mask without overwriting the previous value (lk 2.6.14). Useful when updating a watch.
IN_MODIFY Yes file was modified.
IN_MOVE_SELF Yes 自移动,即一个可执行文件在执行时移动自己
IN_MOVED_FROM Yes file/dir in a watched dir was moved from X. Can trace the full move of an item when IN_MOVED_TO is available too, in this case if the moved item is itself watched, its path will be updated (see IN_MOVE_SELF).
IN_MOVED_TO Yes file/dir was moved to Y in a watched dir (see IN_MOVE_FROM).
IN_ONLYDIR No only watch the path if it is a directory (lk 2.6.15). Usable when calling .add_watch.
IN_OPEN Yes file was opened.
IN_Q_OVERFLOW Yes event queued overflowed. This event doesn't belongs to any particular watch.
IN_UNMOUNT Yes 宿主文件系统被 umount
IN_ACCESS,即文件被访问
IN_MODIFY,文件被write
IN_ATTRIB,文件属性被修改,如chmod、chown、touch等
IN_CLOSE_WRITE,可写文件被close
IN_CLOSE_NOWRITE,不可写文件被close
IN_OPEN,文件被open
IN_MOVED_FROM,文件被移走,如mv
IN_MOVED_TO,文件被移来,如mv、cp
IN_CREATE,创建新文件
IN_DELETE,文件被删除,如rm
IN_DELETE_SELF,自删除,即一个可执行文件在执行时删除自己
IN_MOVE_SELF,自移动,即一个可执行文件在执行时移动自己
IN_UNMOUNT,宿主文件系统被umount
IN_CLOSE,文件被关闭,等同于(IN_CLOSE_WRITE | IN_CLOSE_NOWRITE)
IN_MOVE,文件被移动,等同于(IN_MOVED_FROM | IN_MOVED_TO)

Pyinotify是2个Python模块,用来监测文件系统的变通。 Pyinotify依赖于Linux内核的功力—inotify(内核二.陆.一3联合)。 inotify的是1个事件驱动的通告器,其关照接口通过七个类别调用从基本空间到用户空间。pyinotify结合这个系统调用,并提供1个甲级的架空和二个通用的章程来管理那几个成效。

pyinotify使用例子

#!/usr/bin/python
# coding:utf-8

import os
from pyinotify import WatchManager, Notifier,ProcessEvent,IN_DELETE, IN_CREATE,IN_MODIFY

class EventHandler(ProcessEvent):
 """事件处理"""
 def process_IN_CREATE(self, event):
  print  "Create file: %s " %  os.path.join(event.path,event.name)

 def process_IN_DELETE(self, event):
  print  "Delete file: %s " %  os.path.join(event.path,event.name)

 def process_IN_MODIFY(self, event):
   print  "Modify file: %s " %  os.path.join(event.path,event.name)

def FSMonitor(path='.'):
  wm = WatchManager() 
  mask = IN_DELETE | IN_CREATE |IN_MODIFY
  notifier = Notifier(wm, EventHandler())
  wm.add_watch(path, mask,auto_add=True,rec=True)
  print 'now starting monitor %s'%(path)
  while True:
   try:
     notifier.process_events()
     if notifier.check_events():
       notifier.read_events()
   except KeyboardInterrupt:
     notifier.stop()
     break

if __name__ == "__main__":
 FSMonitor('/root/softpython/apk_url')

 

  1. pyinotify 说百了不畏经过 调用系统的inotify来实现布告的
  2. inotify 既能够监视文件,也足以监视目录
  3. Inotify 使用系统调用而非 SIGIO 来打招呼文件系统事件。

Inotify 能够监视的文件系统事件包涵:

Event Name Is an Event Description
IN_ACCESS Yes file was accessed.
IN_ATTRIB Yes metadata changed.
IN_CLOSE_NOWRITE Yes unwrittable file was closed.
IN_CLOSE_WRITE Yes writtable file was closed.
IN_CREATE Yes file/dir was created in watched directory.
IN_DELETE Yes file/dir was deleted in watched directory.
IN_DELETE_SELF Yes 自删除,即一个可执行文件在执行时删除自己
IN_DONT_FOLLOW No don't follow a symlink (lk 2.6.15).
IN_IGNORED Yes raised on watched item removing. Probably useless for you, prefer instead IN_DELETE*.
IN_ISDIR No event occurred against directory. It is always piggybacked to an event. The Event structure automatically provide this information (via .is_dir)
IN_MASK_ADD No to update a mask without overwriting the previous value (lk 2.6.14). Useful when updating a watch.
IN_MODIFY Yes file was modified.
IN_MOVE_SELF Yes 自移动,即一个可执行文件在执行时移动自己
IN_MOVED_FROM Yes file/dir in a watched dir was moved from X. Can trace the full move of an item when IN_MOVED_TO is available too, in this case if the moved item is itself watched, its path will be updated (see IN_MOVE_SELF).
IN_MOVED_TO Yes file/dir was moved to Y in a watched dir (see IN_MOVE_FROM).
IN_ONLYDIR No only watch the path if it is a directory (lk 2.6.15). Usable when calling .add_watch.
IN_OPEN Yes file was opened.
IN_Q_OVERFLOW Yes event queued overflowed. This event doesn't belongs to any particular watch.
IN_UNMOUNT Yes 宿主文件系统被 umount

编辑:mg4377娱乐手机版 本文来源:Python日志监控,pyinotify日志监察和控制体系管理

关键词: 工作学习