How to Monitor New File Creation in Linux Directory with Watch Command and Trigger Scripts


6 views

When managing Linux systems, we often need to monitor directories for new file creations and trigger actions accordingly. The standard watch command combined with ls provides visual feedback but lacks automation capabilities.

While your initial approach:

watch -d 'ls -l /usr/local/mydir/ | fgrep john'

shows changes visually, it doesn't:

  • Trigger automated responses
  • Track only new creations (modifications trigger same output)
  • Handle edge cases like permission changes

For production systems, I recommend using inotify-tools package which provides more robust monitoring:

inotifywait -m /usr/local/mydir/ -e create --format '%w%f' | \
while read FILE
do
  if [[ $(stat -c %U "$FILE") == "john" ]]; then
    /path/to/your/script.sh "$FILE"
  fi
done

If you absolutely cannot install additional packages, here's a shell-only solution:

#!/bin/bash

DIR="/usr/local/mydir/"
LAST_COUNT=$(ls -1 "$DIR" | wc -l)

while true; do
  CURRENT_COUNT=$(ls -1 "$DIR" | wc -l)
  
  if [ "$CURRENT_COUNT" -gt "$LAST_COUNT" ]; then
    NEW_FILE=$(ls -t "$DIR" | head -1)
    OWNER=$(stat -c %U "$DIR/$NEW_FILE")
    
    if [ "$OWNER" == "john" ]; then
      /path/to/your/script.sh "$DIR/$NEW_FILE"
    fi
  fi
  
  LAST_COUNT=$CURRENT_COUNT
  sleep 5
done

The shell-only method has significant limitations:

  • High CPU usage with large directories
  • Race conditions possible between checks
  • Doesn't handle file deletions gracefully

For mission-critical systems, consider implementing a proper daemon with proper file system event handling.

If you have some flexibility:

# Using auditd (requires root)
auditctl -w /usr/local/mydir/ -p wa -k monitor_mydir

Then parse audit logs with your script.

When dealing with production systems, we often need to monitor directories for new file creations by specific users. The basic watch command shown in the question highlights changes but doesn't trigger actions.

Here's how to modify the command to execute a script when new files are detected:

watch -d -g 'ls -l /usr/local/mydir/ | grep john' && /path/to/your/script.sh

Key improvements:

  • -g flag exits watch when output changes
  • && executes your script after change detection

For more reliable tracking between executions:

#!/bin/bash

LAST_COUNT=$(ls -l /usr/local/mydir/ | grep -c john)

while true; do
    CURRENT_COUNT=$(ls -l /usr/local/mydir/ | grep -c john)
    if [ $CURRENT_COUNT -gt $LAST_COUNT ]; then
        /path/to/your/script.sh
        LAST_COUNT=$CURRENT_COUNT
    fi
    sleep 5
done

While you mentioned shell script limitations, inotifywait (part of inotify-tools package) is worth mentioning for completeness:

inotifywait -m -e create --format '%w%f' /usr/local/mydir/ | \
while read FILE
do
    if [ $(stat -c %U "$FILE") = "john" ]; then
        /path/to/your/script.sh "$FILE"
    fi
done

For enterprise environments, consider:

  • Adding logging to track monitoring activity
  • Implementing lock files to prevent concurrent executions
  • Setting proper permissions for the monitoring script
# Sample logging implementation
LOG_FILE="/var/log/file_monitor.log"
echo "$(date): Monitoring started for /usr/local/mydir/" >> $LOG_FILE

Always include basic error handling:

if [ ! -d "/usr/local/mydir/" ]; then
    echo "Error: Directory not found" >&2
    exit 1
fi