While reviewing one of my Linux hosts, I noticed that a bunch of write activity was occurring to one specific file system. I was curious to see what this write activity was, so I started reading up on the Linux inotify framework. Inotify allows you to monitor file system events, and the super useful iwatch utility provides a command line interface to the inotify framework. When iwatch is executed and passed the name of a directory on the command line, it will print all of the events that are applicable to that directory:
iwatch -v /tmp
This command line will cause a line to be printed to STDOUT each time an event is triggered due to operations taking place in /tmp. If you would prefer to get an e-mail when events occur, you can add the “-m” option to the command line:
iwatch -v -m email@example.com /tmp
This utility rocks, and I hope Solaris will provide a similar utility to take advantage of their notification framework.