### inotify for system call monitoring

On `ds-517`:

```
yum install inotify-tools
inotifywait -d -r -m /mnt/ceph -o /tmp/inotify.txt --timefmt "%FT%T%z" --format '{"time": "%T","watched": "%w","file":"%f","events":"%e"}'
```

Add the repo:

```
[elasticsearch]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
```

Install filebeat:

```
yum install filebeat
```

Change the default configuration file `/etc/filebeat/filebeat.yml`:

```
output.logstash:
  # The Logstash hosts
  hosts: ["131.154.184.63:5044"]
```

Start and enable the service.

## Activate logrotate

```
/tmp/inotify.txt {
    missingok
    daily
    copytruncate
    rotate 7
    compress
    olddir /root/inotify
    su root root
}
```
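The `--format` template passed to `inotifywait` above writes `%w` and `%f` into the JSON line verbatim, so a file name containing `"` or `\` produces a line that a strict JSON decoder rejects or silently alters. The following check is an added example, not part of the original notes: it parses `/tmp/inotify.txt` lines against the template itself and flags the ones a JSON decoder would get wrong. The sample lines and the names `parse_line` and `lossy_files` are constructed for illustration.

```python
import json
import re

# Mirrors the --format template field by field (note the space after "time": and "watched":).
LINE_RE = re.compile(
    r'^\{"time": "(?P<time>[^"]*)",'
    r'"watched": "(?P<watched>.*?)",'
    r'"file":"(?P<file>.*)",'
    r'"events":"(?P<events>[A-Z_,]*)"\}$'
)

# Constructed sample lines in the shape inotifywait writes with that template.
SAMPLE_LINES = [
    r'{"time": "2019-03-01T10:15:02+0100","watched": "/mnt/ceph/data/","file":"report.csv","events":"CLOSE_WRITE,CLOSE"}',
    r'{"time": "2019-03-01T10:15:07+0100","watched": "/mnt/ceph/data/","file":"a"b.txt","events":"CREATE"}',
    r'{"time": "2019-03-01T10:15:09+0100","watched": "/mnt/ceph/data/","file":"new\table.txt","events":"MODIFY"}',
]


def parse_line(line):
    """Return the event as a dict, or None if the line does not follow the template."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    event = m.groupdict()
    event["events"] = event["events"].split(",")
    # json_safe is True only if a strict JSON decoder yields the same path and name.
    try:
        strict = json.loads(line)
        event["json_safe"] = (
            strict.get("file") == event["file"]
            and strict.get("watched") == event["watched"]
        )
    except ValueError:
        # Unescaped quote or invalid escape: the decoder rejects the whole line.
        event["json_safe"] = False
    return event


def lossy_files(lines):
    """File names whose events would be dropped or altered by JSON decoding."""
    return [ev["file"] for ev in map(parse_line, lines) if ev and not ev["json_safe"]]


if __name__ == "__main__":
    for ev in map(parse_line, SAMPLE_LINES):
        print(ev)
```

The third sample is the quieter failure: `\t` is a valid JSON escape, so the line decodes without error but the recorded file name contains a tab instead of the two characters on disk.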