Attached is a README explaining how to exercise the lwatch code submitted for patch review. It illustrates some of lwatch's features.

John Dennis <>

How to exercise the lwatch code:

1) Build lwatch

% cd sssd
% autoreconf -i -f
% make
% cd lwatch/src

2) Have lwatch tell you what it thinks are log files available to be watched
under /var/log

% sudo ./lwatch -f -r /var/log

The -f arg tells lwatch to "find" log files, the -r says to do it
recursively. Note, the list of files omits files it thinks are rotated backups
and only reports the primary log file.

3) Create default directory for lwatch sqlite database (needed for watching)

% sudo mkdir /var/lib/lwatch
% sudo chmod 777 /var/lib/lwatch

4) Run lwatch and ask it to watch ./tmp/tmp.log
 Note, the directory ./tmp does not need to exist, lwatch knows how to watch for
 the creation or destruction of any ancestor in the path and adjust accordingly.

% ./lwatch tmp/tmp.log

5) In a separate shell (shell2) create the ./tmp directory

% mkdir ./tmp

Notice lwatch reports that a directory which was previously absent, but
essential to one of its watch targets, came into existence.

6) In shell2 create the log file and put some data in it.

% date >> tmp/tmp.log

Notice that lwatch discovered the file it was watching came into existence.
Periodically lwatch wakes up and asks if any file it's watching needs to have its
newly added data collected and sent to the central store, this is called a

Notice that lwatch will report something like this:

REAP "/home/jdennis/src/sssd/sssd/lwatch/src/tmp/tmp.log" [0:29]

The numbers in the brackets are the beginning and end offsets in the file which
need to be reaped.

7) In shell2 append some more data to the log file

% date >> tmp/tmp.log

After lwatch wakes up to process its reaps you see something like this:

REAP "/home/jdennis/src/sssd/sssd/lwatch/src/tmp/tmp.log" [29:58]

Notice the file offsets indicate only the newly added data needs to be collected
since the earlier data was already reaped.

8) Observe how lwatch behaves when logrotate rotates the log file.
Create a logrotate.conf file

% cat << EOF >> logrotate.conf
/home/jdennis/src/sssd/sssd/lwatch/src/tmp/tmp.log {
    rotate 5
    size 25
}
EOF

Note, you must use the full path name of the tmp.log file and adjust it for your
system. This logrotate file says keep 5 rotated backups and rotate the file
whenever its size grows beyond 25 bytes.

Now invoke logrotate to rotate the file:

% logrotate logrotate.conf

Notice that lwatch recognized the file was renamed to tmp.log.1. It is also
important to notice that lwatch is now watching BOTH tmp.log and tmp.log.1. Why?
Because if a process had tmp.log open for writing before the rename and didn't
close and reopen the log file then it will continue to write into what is now
tmp.log.1, it might also open a new tmp.log, therefore we must watch both.

Now create and add data to the new tmp.log file

% date >> tmp/tmp.log

After waking up to process any pending reaps you'll see:

REAP "/home/jdennis/src/sssd/sssd/lwatch/src/tmp/tmp.log" [0:29]

Notice how the file offsets have been reset, lwatch knows this is now a
different version of the same file and has assigned it a new version number.
Every time lwatch believes the file contents have been replaced it assigns a new
version number to the watched file.

9) Have lwatch dump the contents of its persistent database and observe some
important facets. The -l command line arg of lwatch "lists" the watch database.

% ./lwatch -l

path: /home/jdennis/src/sssd/sssd/lwatch/src/tmp/tmp.log
    flags:             [TARGET,STAT_DATA_VALID]
    version:           2
    reap_time:         2009-07-22T13:00:01Z (1248267601)
    reap_position:     29
    dev:               64770
    inode:             1594525
    mode:              -rw-rw-r-- (0100664)
    uid:gid:           jdennis:jdennis (3596:3596)
    size:              29
    access_time:       2009-07-22T12:59:50Z (1248267590)
    modification time: 2009-07-22T12:59:50Z (1248267590)
    change_time:       2009-07-22T12:59:50Z (1248267590)

    path: /home/jdennis/src/sssd/sssd/lwatch/src/tmp/tmp.log.1
        original path:     /home/jdennis/src/sssd/sssd/lwatch/src/tmp/tmp.log
        flags:             [BACKUP,STAT_DATA_VALID]
        version:           1
        reap_time:         2009-07-22T12:18:06Z (1248265086)
        reap_position:     58
        dev:               64770
        inode:             1594524
        mode:              -rw-rw-r-- (0100664)
        uid:gid:           jdennis:jdennis (3596:3596)
        size:              58
        access_time:       2009-07-22T12:17:39Z (1248265059)
        modification time: 2009-07-22T12:18:04Z (1248265084)
        change_time:       2009-07-22T12:18:04Z (1248265084)

Notice how there are two files being watched after the rotate and now tmp.log.1
is a child of tmp.log (because it's indented). This indicates there is a
derivative relationship between tmp.log and tmp.log.1. Also notice how the
version numbers of the two files are different. What is now tmp.log.1 started as
tmp.log and was assigned version 1. After the rotation tmp.log is assigned the
next version number. Also notice how tmp.log.1 is marked as a BACKUP of tmp.log
(the BACKUP flag in the flags and the presence of the "original path" value).

10) Observe how lwatch can resynchronize itself if it hasn't been running and
the filesystem changed.

Stop the running lwatch process by typing control-C.

Now add some new data to tmp.log while lwatch is NOT running.

% date >> tmp/tmp.log

Start the lwatch process again.

% ./lwatch ./tmp/tmp.log

After waking up on its reap schedule you'll see something like this:

REAP "/home/jdennis/src/sssd/sssd/lwatch/src/tmp/tmp.log" [29:58]

This indicates that lwatch recognized that in its absence bytes 29-58 were
appended to the file and need to be collected.
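
The offset and version bookkeeping seen in steps 6-10 can be sketched in a few lines. This is an added example, not lwatch's code: check_reap(), the state dict (standing in for the sqlite database) and the rule "a new dev/inode or a shrunken file means a new version" are assumptions for illustration, and it tracks only the primary path, not the BACKUP child.

```python
import json, os, tempfile

LINE = b"Wed Jul 22 08:17:39 EDT 2009\n"   # constructed 29-byte `date` line

def check_reap(path, state):
    """Return (version, begin, end) for unreaped bytes, or None if nothing to do."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return None                        # target absent: keep waiting
    ident = [st.st_dev, st.st_ino]
    if state.get("ident") != ident or st.st_size < state.get("reap_position", 0):
        # New inode (rotated or recreated) or truncated in place:
        # treat the contents as replaced, bump version, restart at offset 0.
        state.update(ident=ident, version=state.get("version", 0) + 1,
                     reap_position=0)
    begin, end = state["reap_position"], st.st_size
    if end == begin:
        return None
    state["reap_position"] = end
    return (state["version"], begin, end)

def append(path, data=LINE):
    with open(path, "ab") as f:
        f.write(data)

def walkthrough():
    """Replay steps 6-10 of the README in a temporary directory."""
    results, state = [], {}
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "tmp.log")
        results.append(check_reap(log, state))               # not created yet
        append(log); results.append(check_reap(log, state))  # step 6
        append(log); results.append(check_reap(log, state))  # step 7
        os.rename(log, log + ".1")                           # step 8: rotate
        append(log); results.append(check_reap(log, state))
        state = json.loads(json.dumps(state))                # step 10: "restart"
        append(log); results.append(check_reap(log, state))
    return results

if __name__ == "__main__":
    for r in walkthrough():
        print(r)
```

Because the reap position and file identity are read back from persisted state, anyone who can write to that state can cause data to be skipped or reaped twice.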
