
inotify for system call monitoring

On ds-517

yum install inotify-tools
inotifywait -d -r -m /mnt/ceph -o /tmp/inotify.txt --timefmt "%FT%T%z" --format '{"time": "%T","watched": "%w","file":"%f","events":"%e"}'
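The --format string above emits one JSON-shaped line per event, but inotifywait does not escape the values it substitutes, so a file name containing a double quote or backslash produces a line that is not valid JSON and would be dropped or mis-parsed downstream. The following Python script is an added example, not part of this snippet: it parses lines in exactly this format, falls back to a field-anchored regex when json.loads rejects a line, joins the watched directory and file name into a full path, and counts write-type events per path. The sample lines are constructed for the example, and the trailing slash on the watched directory matches what inotifywait prints for %w when a directory is watched.

```python
import json
import os
import re
from collections import Counter

# Constructed sample lines in the shape produced by the page's --format string.
# The third line contains a double quote in the file name, which inotifywait
# does not escape, so that line is not valid JSON.
SAMPLE_LINES = [
    '{"time": "2019-03-04T10:15:02+0100","watched": "/mnt/ceph/data/","file":"run01.dat","events":"CREATE"}',
    '{"time": "2019-03-04T10:15:02+0100","watched": "/mnt/ceph/data/","file":"run01.dat","events":"CLOSE_WRITE,CLOSE"}',
    '{"time": "2019-03-04T10:16:40+0100","watched": "/mnt/ceph/data/","file":"odd"name.txt","events":"DELETE"}',
    '{"time": "2019-03-04T10:17:00+0100","watched": "/mnt/ceph/data/old/","file":"","events":"DELETE,ISDIR"}',
]

# Fallback for lines json.loads rejects. The key order and spacing are fixed by
# the --format string, so anchor on the literal keys rather than on JSON syntax.
# Event names are upper-case words separated by commas, which bounds the last field.
_FALLBACK = re.compile(
    r'^\{"time": "(?P<time>[^"]*)","watched": "(?P<watched>.*?)",'
    r'"file":"(?P<file>.*)","events":"(?P<events>[A-Z_,]*)"\}$'
)

# Events that indicate the watched tree was changed (chosen for this example).
WRITE_EVENTS = {"CREATE", "DELETE", "MODIFY", "MOVED_FROM", "MOVED_TO", "ATTRIB", "CLOSE_WRITE"}


def parse_line(line):
    """Return a normalised record for one inotifywait line, or None if unrecoverable."""
    line = line.rstrip("\n")
    try:
        rec = json.loads(line)
        well_formed = True
    except json.JSONDecodeError:
        m = _FALLBACK.match(line)
        if m is None:
            return None
        rec = m.groupdict()
        well_formed = False
    # %w is the watched directory (with trailing slash); %f is empty when the
    # event concerns the directory itself, so join() yields the directory path.
    path = os.path.join(rec["watched"], rec["file"])
    return {
        "time": rec["time"],
        "path": path,
        "events": rec["events"].split(","),
        "well_formed": well_formed,
    }


def summarise(lines):
    """Count write-type events per path; report lines that needed the fallback or were dropped."""
    per_path = Counter()
    malformed = []
    dropped = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            dropped += 1
            continue
        if not rec["well_formed"]:
            malformed.append(rec["path"])
        for ev in rec["events"]:
            if ev in WRITE_EVENTS:
                per_path[rec["path"]] += 1
    return {"per_path": dict(per_path), "malformed": malformed, "dropped": dropped}


if __name__ == "__main__":
    # Usage on a real file: summarise(open("/tmp/inotify.txt"))
    print(summarise(SAMPLE_LINES))
```

Lines that needed the fallback parser are worth surfacing separately: if filebeat is configured to decode the lines as JSON, those are exactly the events it will fail to index.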

Add the Elastic yum repository:

[elasticsearch]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

Install filebeat

yum install filebeat

Change the Logstash output in the default configuration file /etc/filebeat/filebeat.yml:

output.logstash:
  # The Logstash hosts
  hosts: ["131.154.184.63:5044"]

Start and enable the service.

Activate logrotate for the inotify output file:

/tmp/inotify.txt
{
    missingok
    daily
    copytruncate
    rotate 7
    compress
    olddir /root/inotify
    su root root
}