Monitor a Given Directory for File Writes

Okay, I have gotten a bit of clarification on this, and the request is a bit more complicated than originally thought. The scenario is this:

1. We have a directory that should have a file written to it out of a custom application, at periodic intervals throughout the day.

2. If the file is not written to the directory, it indicates an issue with the application.

3. We would like an alert that checks the directory every 15 minutes or so, and if a file is not written in a certain period of time, an alert is triggered. Sort of like an "If the newest file creation time is older than X minutes, generate alert" kind of thing.

Does anyone know if this is something that can be done in a fairly straightforward manner?

Sounds like the simplest solution would be to enable file auditing on that directory and use the Windows Event Log Monitor to search for the specific event that's written to the event log when a file is created in that directory and alert when that event isn't found after "x" period of time. The templates below are another possible option. If neither of these options pan out you might find someone capable of helping you write a SAM script that would do this by posting in the

• Linux/Unix File Age Monitor

Hi There,

The solution proposed by @aLTeReGo may be an option for you. Just watch that you don't overload the log files with file activity events. Windows seems to log hundreds events for basic operations.

Another solution is to use a third party tool to monitor the file activity and trigger the event which could be displayed within your SolarWinds views. We develop a product called LANGuardian which uses deep packet inspection to capture file and folder names from network traffic. You can setup an alert if file X is not detected then an alert can be triggered. You can see an sample of the output at this link - http://demo2.netfort.com/Orion/SummaryView.aspx?viewid=35

Darragh

Both of the solutions given so far would work.  I've done something similar using some PowerShell (but not in SAM) scripting that doesn't require breaking out extra logging, or any third party components.  Assuming the machine you are testing against is a Windows box, something like this should work:

$date = (Get-Date).AddMinutes(-16)
$sDate = "{0:0000}{1:00}{2:00}{3:00}{4:00}00.000000-000" -f $date.Year, $date.Month, $date.Day, $date.Hour, $date.Minute


$files = Get-WmiObject -ComputerName ${IP} -Credential '${CREDENTIAL}' CIM_DataFile -Filter "Drive='D:' and Path='\\WebSites\\IISLogs\\W3SVC1\\' and LastModified >= '$sDate'"


if ($files -eq $null) {
  "Message: No files written in the last 16 minutes"
  "Statistic: 0"
} else {
  if ($files.Count -eq $null) {
  $count = 1
  } else {
  $count = $files.Count
  }
  'Message: {0} files writtin in the last 16 minutes' -f $count
  'Statistic: {0}' -f $count
}

I've set the time to 16 minutes backwards from the time of check to allow for drifts in clocks (line 1 see the  -16).  CIM_DataFile object requires a weird date format when queries using PowerShell, so line 2 does the conversion for you. Line 5 gets the objects, and 8-19 handle the logic of if files were written or not.  Then once you've created this as an application monitor, you set the criteria up for the trigger to be 0 as warning/critical, and create your alert based on the application monitor going into a warning/critical state.

You, sir, are a PowerShell demigod.

This has been a HUGE help - thanks Jonathan!!!!!