Is there anything like inotify on Windows?

Question

With the Linux OS, there is the inotify subsystem which notifies an application of changes to the filesystem.

However, I am mainly a Windows user, so I was wondering if there is a similar way to monitor filesystem changes?

I don't think such questions are off topic. The question asks for an OS API which is much different any tool/software-library. May be it can be worded differently like how to get notified in a windows application when particular file/files are modified. — balki, Jun 26 '17 at 18:54
Voted to reopen: The question is asking for a comparable alternative to a specific operating system API and figuatively reads to me like "I am from England where I use a fork to eat food, in Japan what utensil do I use in a similar fashion?" The accepted answer using that analogy is "use chopsticks." — David, Nov 10 '17 at 13:19

score 49 · Answer 1 · edited Oct 29 '13 at 11:02

49

If you're using .net, use FileSystemWatcher. More info here: http://msdn.microsoft.com/en-us/library/system.io.filesystemwatcher.aspx

If you're using C, use FindFirstChangeNotification, FindNextChangeNotification, ReadDirectoryChangesW. More info here: http://msdn.microsoft.com/en-us/library/aa365261(VS.85).aspx

On OSX, the relevant api is the fsevents api.

They're all subtly different from one another, and they all have questionable reliability in edge cases. In general, you can't depend on these apis for a complete view of all changes 100% of the time. Most people using file system monitoring combine it with periodic scans to compensate for lost or incomplete information from the push api.

edited Oct 29 '13 at 11:02

n611x007

8,952
8
59
102

answered Aug 18 '10 at 23:32

blucz

1,606
10
13

7

Can you please give some citation on the "questionable reliability in edge case for inotify? – Pharaun Aug 19 '10 at 01:50
20

If a consumer of a fs watcher api is slower at reading events than some other process is at generating them, the kernel either needs to hold up filesystem modifications in the other (possibly higher priority) process, or allow for unlimited growth of the buffer. inotify's buffer depth (as documented in the man page) is controlled by /proc/sys/fs/inotify/max_queued_events. Beyond this, you get a IN_Q_OVERFLOW notification--this is good, but you're still left in a situation where you may need to rescan from time to time. – blucz Aug 19 '10 at 09:00
Aha right, I was recently reading up on the queue. I think this edge case would depend on how many files you are monitoring and it also depends on if its critical to track all changes or if a few can be missed. But that's a good point. Thanks :) – Pharaun Aug 19 '10 at 13:16
1

@blucz I was wonderying myself how kernel people solve these situations. Good to know they do this, makes one more confident in design and implementation. – n611x007 Oct 29 '13 at 10:50

score 38 · Accepted Answer · answered Aug 18 '10 at 23:13

38

See the FindFirstChangeNotification API, or the .NET counterpart FileSystemWatcher

answered Aug 18 '10 at 23:13

nos

223,662
58
417
506

Remo Harsono · Answer 3 · 2022-07-31T22:45:31.927

24

take a look at this: inotify-win, a port of the inotifywait tool for Windows

and also this: inotify-tools, a C library and a set of command-line programs providing a simple interface to inotify

edited Jul 31 '22 at 22:45

answered Jan 10 '13 at 10:48

Remo Harsono

469
9
15

score 11 · Answer 4 · edited May 21 '12 at 12:35

11

JNotify or FileMon from Microsoft.

edited May 21 '12 at 12:35

bluish

26,356
27
122
180

answered Aug 18 '10 at 23:13

Eugene

2,226
1
14
15

8

JNotify was perfect for me because I needed cross-platform compatibility. I was even able to write a single bash script which worked in cygwin, mac, and linux presuming only that JAVA_HOME was set correctly. This has been a great aid for debugging problems on customer's machines, when they say "it deleted my file!" I can actually look at the log and try to figure out how/when that happened. – cmyers Jul 24 '12 at 23:51
1

FileMon is now ProcessMonitor https://technet.microsoft.com/en-us/sysinternals/bb896645 – MECU Apr 20 '17 at 16:02

Peter Krnjevic · Answer 5 · 2019-06-06T01:10:59.463

10

A bit late but ...

Windows has a facility similar to OSX events whereby you can monitor events without running an app. The Windows USN Journal keeps track of all file changes. Jeffrey Richter (author of Advanced Windows) wrote a terrific article with working samples for MSDN Journal. Update: article now from archive.org since MSJ no longer online at MS.

MSDN documentation for USN Change Journals.

USN Change Journals are probably better if you're building applications like backup tools or indexes that need to monitor entire volumes.

edited Jun 06 '19 at 01:10

answered Jul 17 '13 at 02:49

Peter Krnjevic

1,070
15
20

Is the USN Journal way any different, does relying on it avoid the buggy behavior of `FileSystemWatcher`|`FindFirstChangeNotification` [PhillipBrandonHolmes](http://stackoverflow.com/users/1084830/) was [speaking of](http://stackoverflow.com/a/17660295/611007)? – n611x007 Oct 29 '13 at 10:56
4

It's been a while since I worked with this, but it does not use FileSystemWatcher or FindFirstChangeNotification. I started writing a Windows event watcher in Go, based heavily on Jeffery Richter's examples. From the bit of testing I did, it is rock solid, and misses nothing, similar to fsevents in OS X. Gist is here: https://gist.github.com/pkrnjevic/7219861 – Peter Krnjevic Oct 29 '13 at 18:21
@PeterKrnjevic Can you update the link for the article from Jeffrey Richter ? – SOUser May 27 '19 at 12:02
@SOUser, due to MS bitrot, article is now linked from archive.org. – Peter Krnjevic Jun 06 '19 at 01:12

Phillip Holmes · Answer 6 · 2013-11-12T18:45:36.223

4

FileSystemWatcher() is unreliable mainly due to the fact it's error handling for the watcher buffer is more or less incomplete. Due to a lack of path and detailed error handling information, Microsoft gives you no way to recover or manually poll the working directory.

The JNotify for Windows is unreliable as well because this bug ^ derives from win32. JNotify uses win32. So, it's no different than FileSystemWatcher().

edited Nov 12 '13 at 18:45

answered Jul 15 '13 at 17:34

Phillip Holmes

427
4
10

thinking about how to design roles to solve this 'speed'/'race'/'overflow'-like problem, I wondered myself how the kernels did it. Interesting. This thing also occurs with networking and logging. Does this problem have a name? – n611x007 Oct 29 '13 at 10:54
Yes it's name is "bug". The bug (win32) has been left in every operating system created by Microsoft to date. This makes any Microsoft operating system unfit for a file watching type solution. You have to go *nix to accomplish it. Sometimes I think they've intentionally left this buffer overflow in for security reasons. – Phillip Holmes Nov 12 '13 at 18:50
haha.. yeah.. it's name is intentional cluster kludge so that microsoft's file system can't be intentionally watched. It's a bug they left in due to security concerns. – Phillip Holmes Sep 16 '14 at 15:03

score 1 · Answer 7 · answered Aug 18 '10 at 23:12

1

I did a bit of searching, I seem to recall seeing something similar for Windows. There's FileSystemWatcher for .NET. Its mainly for NT or XP and forward.

answered Aug 18 '10 at 23:12

Pharaun

1,232
1
12
24

2

It's more generally only available on NTFS Filesystems, but not on FAT16, FAT32 or even the new exFAT. – Mastacheata Nov 01 '18 at 15:16

score 0 · Answer 8 · answered Mar 05 '13 at 10:54

0

try Java File Notification Library

answered Mar 05 '13 at 10:54

lifei

235
2
10

Is there anything like inotify on Windows?

8 Answers8

Linked