inotifywatch

monitoring, Linux
The inotifywatch command is one of the most frequently used commands in Linux/Unix-like operating systems. It gathers filesystem access statistics using inotify.

Quick Reference

Command Name: inotifywatch

Category: monitoring

Platform: Linux

Basic Usage: inotifywatch [options] [arguments]

Common Use Cases

    Syntax

    inotifywatch [options] [file/directory...]

    Options

    Option                   Description
    -r, --recursive          Watch directories recursively
    -e, --event EVENT        Watch for specific event(s) only (access, modify, attrib,
                             close_write, close_nowrite, close, open, moved_to,
                             moved_from, move, move_self, create, delete,
                             delete_self, unmount)
    --exclude PATTERN        Exclude files matching this regular expression
    --excludei PATTERN       Like --exclude but case insensitive
    --include PATTERN        Include only files matching this regular expression
    --includei PATTERN       Like --include but case insensitive
    -t, --timeout SECONDS    Listen only for SECONDS seconds
    -s, --statistics         Output statistics instead of normal output
    -a, --ascending          Sort statistics by ascending order
    -d, --descending         Sort statistics by descending order
    -z, --zero               Include entries with zero events in statistics
    --fromfile FILENAME      Read files to watch from FILENAME, one per line
    -h, --help               Show help message
    -v, --verbose            Be verbose
    --version                Output version information and exit

    Examples

    How to Use These Examples

    The examples below show common ways to use the inotifywatch command. Try them in your terminal to see the results.

    # Basic Examples
    inotifywatch -v -e access -e modify -t 60 /path/to/file
    Watch a file for access and modify events for 60 seconds and display statistics.
    inotifywatch -v -r /path/to/directory
    Watch a directory recursively for all events and display statistics.
    # Advanced Examples
    inotifywatch -v -r -e create,modify,delete -t 600 /path/to/watch
    Monitor a directory recursively for create, modify, and delete events for 10 minutes.
    inotifywatch -v -e access -e modify -t 3600 -a total /var/log/syslog
    Watch syslog for an hour, accumulating statistics on both accesses and modifications, sorted in ascending order of total event count (-a takes the event to sort by).
    inotifywatch -v -r --exclude '.*\.tmp$' -t 300 /path/to/watch
    Monitor a directory recursively for 5 minutes but exclude temporary files with .tmp extension.
    inotifywatch -v -r -e open,close -t 1800 /home/user/Documents
    Monitor the Documents directory for file openings and closings for 30 minutes.
    inotifywatch -v -r -e access -e modify --fromfile watchlist.txt
    Monitor files and directories listed in watchlist.txt for access and modify events.


    Notes

    The inotifywatch command is a utility that uses Linux's inotify subsystem to collect and report statistics about file system events. It's part of the inotify-tools package, alongside inotifywait, but focuses on gathering statistical information rather than triggering immediate actions.

    Key features of inotifywatch:

    1. Statistical Analysis: Unlike inotifywait which reports events as they happen, inotifywatch collects and summarizes file system events over a period of time, providing counts of different event types.
    2. Time-Limited Monitoring: The -t (timeout) option allows you to specify how long inotifywatch should collect data before reporting statistics and exiting.
    3. Event Filtering: Similar to inotifywait, you can use the -e option to specify which file system events to monitor, such as file creation, modification, deletion, access, etc.
    4. Recursive Monitoring: The -r option enables recursive watching of directories, allowing you to gather statistics across entire directory trees.
    5. Sorting Options: The -a and -d flags let you sort the statistical output in ascending or descending order based on the number of events, helping to identify the most or least active files.
    6. Filtering Capabilities: You can include or exclude files from monitoring based on regular expressions, allowing you to focus on specific files or ignore certain patterns.
    7. Input from File: The --fromfile option allows you to specify a list of files and directories to watch from a file, which can be useful for monitoring a large number of specific paths.

    inotifywatch is particularly useful for:

    - Identifying which files or directories are most frequently accessed or modified in a system
    - Analyzing patterns of file system activity over time
    - Debugging applications by monitoring their file interaction patterns
    - Performance analysis by understanding which files are hotspots for activity
    - Capacity planning by measuring file activity levels

    Like inotifywait, inotifywatch is Linux-specific as it relies on the inotify API. It's worth noting that there are system limits on the number of inotify watches that can be established, which may need to be increased when monitoring large directory structures or running for extended periods of time. The output of inotifywatch provides a clear summary of events, making it a valuable tool for system administrators and developers who need to understand file system activity patterns.
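
The watch limit mentioned above can be checked before starting a recursive run, so that a large tree is not left partly unmonitored. The following is an added example, not part of the original page: it assumes the per-user limit is exposed at /proc/sys/fs/inotify/max_user_watches and that a recursive watch consumes one inotify watch per directory; the function names and the 20% default reserve are illustrative choices.

```shell
#!/bin/sh
# Added example: preflight check before running `inotifywatch -r` on a tree.

# Print the number of directories under $1, including $1 itself.
# A recursive watch needs one inotify watch for each of them.
watches_needed() {
    # NUL-delimited output keeps the count right for names containing newlines.
    find "$1" -type d -print0 2>/dev/null | tr -dc '\000' | wc -c | tr -d ' '
}

# Print the per-user limit (sysctl fs.inotify.max_user_watches).
watch_limit() {
    cat /proc/sys/fs/inotify/max_user_watches
}

# check_watch_budget DIR [LIMIT] [RESERVE_PCT]
# Succeeds when DIR fits inside LIMIT after keeping RESERVE_PCT percent free
# for other processes of the same user (the limit is shared per user).
# LIMIT defaults to the live sysctl value; RESERVE_PCT defaults to 20 (assumed).
check_watch_budget() {
    dir=$1
    limit=${2:-$(watch_limit)}
    reserve_pct=${3:-20}
    need=$(watches_needed "$dir")
    usable=$(( limit * (100 - reserve_pct) / 100 ))
    if [ "$need" -gt "$usable" ]; then
        echo "refusing: $dir needs $need watches, usable budget is $usable of $limit" >&2
        echo "raise the limit (as root): sysctl fs.inotify.max_user_watches=<N>" >&2
        return 1
    fi
    echo "ok: $dir needs $need watches, usable budget is $usable of $limit"
}

# Usage (path is a placeholder):
#   check_watch_budget /path/to/watch && inotifywatch -v -r -t 600 /path/to/watch
```

The check only counts directories that exist when it runs; directories created later in a busy tree add to the total.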
