How to tune inotify to use less memory?

Question

I'm working on an embedded linux system.

I tried to use inotify to monitor changes. But when I tried to monitor a huge numbers of folders (let's say more than 6000 folders), inotify uses a lot of memory (about 25-30MB). As you all know, 25-30MB in embedded system is considered to be large...

My questions are;

• is this normal?
• is anyone know how to tune this?
• any alternative to monitor a huge numbers of folders without adding watch in each folder?

Answer 1

As far as I know a recursive watch is not possible with an unpatched Linux kernel. See also https://superuser.com/questions/118642/recursive-filesystem-notifications-inotify-for-ubuntu-karmic-koala . Maybe fanotify would work for you, but it needs a kernel patch.

Answer 2

Look into using Auditd.

There is also a user space file system called loggedfs, but I couldn't get that to work.