• State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 22 subscribers
  • Views 551 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Best way to exclude folders in FIM 6.1

cjarocki

I am just beginning to work with FIM in LEM 6.1. What is the best way to exclude a particular folder in, for example, the Windows folder? and is it normal to see multiple write 'hits' on the same file, at the same time?

  • 0

    I think you simply exclude it in your selection when you are setting up your conditions and browsing for Drives and Folders to watch. I don't know if there is another way for accomplishing the same goal.

    Regarding the multiple hits on the same file, I am also wondering about that. FIM is reporting too many instances of the exact same events under FIM.

  • 0

    The way I am doing it now is selecting each folder in a the tree and choosing the non-recursive option. What I don't know is if the overhead on the server is more with a bunch of non-recursive selections, then if I do the entire root folder recursively. It may be the only way to do it.

  • 0

    I'm also looking for an answer to this question.   As an example scenario, I'm monitoring a file system on a SQL Server database server.  I want to know every time a file is created on the system with a few exceptions.  I don't want to know when .MDB or .LDB files are created.  I don't want to know when certain logs are written to.  Is there a NOT ( ! ) option that will allow me to define a folder, a wildcard, or an individual file I want to ignore?  

  • 0 in reply to stan_22554

    I agree, this would be a nice enhancement. I had the same question when I came to this board.

  • 0

    I just started rolling FIM out for a PCI requirement and noticed this issue as well....We have some folders in our environment with special config files we don't want touched, this same folder has app logs that are constantly changing.

    It would be nice if we could configure "exclusions".  Right now we're looking at making 20 individual file monitors...making 2-3 exclusion would be easier, or having the ability to ignore extensions.....like exclude " *.log " in the folder.

  • 0

    I have a feature request open for FIM to address the differing amounts of windows read events created when a file is opened (one per thread). What I want is a FIM event that triggers when >1 windows event is created, furthermore I want to ignore the NT\Authority events and focus on the DOMAIN\user event.

    I have also noticed the file type seems flawed, when I set FIM on a .csv file I get events when my FIM is set at *.* but not when it is set at *.csv

    I think FIM has the potential to be a great tool with a bit more work

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.