Folder monitoring with SolarWinds using a PowerShell script. Working effectively. (Explained with concept)

Answers:

Basically, folder monitoring can be done on the basis of the timestamp of the folder that has been modified.

How can this be done?

We scan the folders with the recursive switch of Get-ChildItem and sort them by their LastWriteTime timestamp. In the sorted list, the bottom entry is the latest folder and the top entry is the oldest folder.

Here our concern is the most recently updated folder. So we truncate the timestamp, subtract the updated timestamp from the current time, and convert the result to seconds. (Note: we can convert it to hours as well, as per our convenience.) We use this time difference as the threshold to generate an incident/email alert.

Below I have attached a modified script that applies the concept I have explained here.

Let me know if you have any queries.

Recommendation: The threshold in seconds should be kept greater than the polling frequency of the monitor.

Copy the script below and first try it on the machine itself where you want to test the folder monitoring. Then try it from SolarWinds.

$Folder = "C:\Users\ktimilsina.admin\Desktop\TestFolder\"  ## You can give your folder path in the argument

if (Test-Path $Folder) {

    # One reference time, so every age below is measured from the same instant
    [datetime]$nowtime = Get-Date

    # All subfolders and files under the monitored folder
    $FolderDir = Get-ChildItem $Folder -Directory -Recurse
    # -Exclude takes a comma-separated list of names. Written unquoted and separated
    # by a space, the second name is bound to -Filter instead. For a single file
    # name that contains a space, quote it as one string.
    $FolderFiles = Get-ChildItem $Folder -File -Recurse -Exclude 'test1', 'modified.txt'

    # Sorted ascending by LastWriteTime: first = oldest, last = latest
    $FolderDirAge = $FolderDir | Sort-Object LastWriteTime
    #####$OldestFolder = ($FolderDirAge | Select-Object -First 1).lastwritetime
    $LatestFolder = ($FolderDirAge | Select-Object -Last 1).LastWriteTime

    $FolderFileAge = $FolderFiles | Sort-Object LastWriteTime
    ####$OldestFile = ($FolderFileAge | Select-Object -First 1).lastwritetime
    $LatestFile = ($FolderFileAge | Select-Object -Last 1).LastWriteTime

    # Seconds since the latest subfolder was written
    [int]$LatestDirUpdatedSec = ($nowtime - $LatestFolder).TotalSeconds

    # Seconds since the monitored (parent) folder itself was written
    $parentAge = (Get-Item -Path $Folder).LastWriteTime
    [int]$parentsecs = ($nowtime - $parentAge).TotalSeconds

    Write-Host 'Message.ParentFolderAge:' $parentAge
    Write-Host 'Statistic.ParentAgeSec: ' $parentsecs

    # Seconds since the latest file was written
    Write-Host 'Message.LatestFileAge:' $LatestFile
    [int]$LatestFileSecs = ($nowtime - $LatestFile).TotalSeconds
    Write-Host 'Statistic.LatestFileSec: ' $LatestFileSecs

    Write-Host 'Message.LatestFolderAge:' $LatestFolder
    Write-Host 'Statistic.LatestFolderSecs: ' $LatestDirUpdatedSec

    Write-Host "Message.FolderExists: $Folder Exists"
    Write-Host 'Statistic.FolderExists: 1'

}
else {
    Write-Host "Message.FolderExists: $Folder NOT FOUND!"
    Write-Host 'Statistic.FolderExists: 0'
}

  • Here we don't require the oldest file and oldest folder; our motto is just to monitor the folder that was most recently modified. We need to monitor that timestamp, which is why I have commented out the lines ####$OldestFile and #####$OldestFolder, as you can see in the script above.

    Thank you for views.
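
An added example, not part of the original post: the same last-write-age idea as two functions, covering a tree with no subfolders or files and checking the threshold against the polling interval as the recommendation above asks. The function names, the Statistic names, the temporary demo folder and the 600 s / 300 s values are assumptions for illustration.

```powershell
# Added example, not the poster's script. Function names, Statistic names and
# the 600 s / 300 s values are assumptions for illustration.
function Get-NewestWriteAgeSeconds {
    param([Parameter(Mandatory)] [string] $Path, [datetime] $Now = (Get-Date))
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) { return $null }
    # Include the parent folder itself so an empty tree still yields a timestamp
    $items = @(Get-Item -LiteralPath $Path) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)
    $newest = ($items | Sort-Object LastWriteTime | Select-Object -Last 1).LastWriteTime
    # Clamp at 0 in case a timestamp lies slightly in the future (clock skew)
    return [int][math]::Max(0, ($Now - $newest).TotalSeconds)
}

function Test-RecentChange {
    param(
        [Parameter(Mandatory)] [int] $AgeSeconds,
        [Parameter(Mandatory)] [int] $ThresholdSeconds,
        [Parameter(Mandatory)] [int] $PollingSeconds
    )
    # A change made just after one poll is about $PollingSeconds old at the next
    # poll; a threshold at or below that would never flag it
    if ($ThresholdSeconds -le $PollingSeconds) {
        throw "Threshold ($ThresholdSeconds s) must exceed the polling interval ($PollingSeconds s)."
    }
    return ($AgeSeconds -lt $ThresholdSeconds)
}

# Constructed sample input: a throwaway folder with one freshly written file
$demo = Join-Path ([IO.Path]::GetTempPath()) "folder-monitor-demo-$PID"
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Set-Content -Path (Join-Path $demo 'sample.txt') -Value 'constructed sample'

$age = Get-NewestWriteAgeSeconds -Path $demo
if ($null -eq $age) {
    Write-Host 'Statistic.FolderExists: 0'
} else {
    $recent = Test-RecentChange -AgeSeconds $age -ThresholdSeconds 600 -PollingSeconds 300
    Write-Host 'Statistic.FolderExists: 1'
    Write-Host "Statistic.NewestWriteSec: $age"
    Write-Host "Statistic.RecentChange: $([int]$recent)"
}
Remove-Item -LiteralPath $demo -Recurse -Force
```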