File system monitoring utilities?

[superboyac]

Does anyone have any recommendations for a file system monitoring software?
I'd like to have a cool program that logs all changes made to files on a  computer (maybe not all).  Like if something was deleted, renamed, etc. it would keep track of it.  Is such a thing available?

[superboyac]

Boom:
http://www.deventerp...se.net/Projects.aspx

[joiwind]

Superboyac, have a look at this one : File monitor.

[superboyac]

Thanks!
Well, both of the tools above monitor files.  But I'd also like some automatic logging capabilities.  In short, I'd like the monitor to automatically create a log every day of the files that have changed and save it.  Ideally, I'd also like to be able to search the logs in the program, but that's not a big deal.  If it saves the logs as text files, I can search it with a file indexer.  The key is a program that can be set to save the log every night.

[joiwind]

There's also the well-known FileMon from Sysinternals which has more options.

[Stoic Joker]

Granted it not quite as glamorous, but audit tracking for various events/access types is built into Windows. And the security logs are searchable and can be filtered to only show what you're after at the moment.

Dave deletes file X. Audit tracking can be configured to show that (and when etc). Then you can simply filter by Dave and quickly see what else they were up to.

http://support.microsoft.com/kb/300549


Just a Thought.

[40hz]

+1 with SJ.  Audit tracking is the best way to accomplish that in Windows. Just keep an eye on the logfile size and do some periodic housekeeping. Because you'll be amazed how quickly some of those logs can grow depending on the level of activity and degree of detail they're collecting.
 

[Stoic Joker]

Just keep an eye on the logfile size and do some periodic housekeeping. Because you'll be amazed how quickly some of those logs can grow depending on the level of activity and degree of detail they're collecting.

-40hz (August 04, 2011, 01:34 PM)

Large but fixed size circular log is usually the safest balance. Other wise you have an off day and the server shuts down with a can't log X error. Panic ensues... (hehe)

[cranioscopical]

Dave deletes file X

-Stoic Joker (August 04, 2011, 01:24 PM)

That damned Dave: I kicked him out of here, now he's gone to your place!

[40hz]

Panic ensues... (hehe)

-Stoic Joker (August 04, 2011, 03:30 PM)

Plus a service call to us. (Usually after 5:00 and on a Friday.)  

[rjbull]

superboyac,

Did you get an acceptable solution for this?

Watch 4 Folder looks like it will do your monitoring, but I'm not sure it will make a new log file each day.  If I read the doc right, it puts everything into a single log.

[superboyac]

superboyac,

Did you get an acceptable solution for this?

Watch 4 Folder looks like it will do your monitoring, but I'm not sure it will make a new log file each day.  If I read the doc right, it puts everything into a single log.

-rjbull (August 12, 2011, 03:44 PM)

i haven't tried it yet.  It looks like the best one that I've seen so far, though.  I like the way it's setup.  The log file issue isn't that critical; if the rest of it works as nicely as it seems to be, then it might be the one.  I can setup other utilities to automatically save the log file every day or whatever.  And furthermore, I can set up a file indexer to make the log file searchable in an easy way also.  So if it can monitor effectively, the other stuff doesn't necessarily have to be integrated in the program itself.  In this case, something like Archivarius and SFFS can take care of the additional functions.

[dspelley]

I saw a link to this French language blog (Libellules) last night while perusing some old DonationCoder posts from 2005 (my Chromium browser seems to do a good job of translating it).  The blog seems to be very active and had this program Disk Pulse featured a couple of weeks ago.

There's a free version, but you may need to get the $25 Pro version to do everything you want.  I have not used it.

[superboyac]

I saw a link to this French language blog (Libellules) last night while perusing some old DonationCoder posts from 2005 (my Chromium browser seems to do a good job of translating it).  The blog seems to be very active and had this program Disk Pulse featured a couple of weeks ago.

There's a free version, but you may need to get the $25 Pro version to do everything you want.  I have not used it.

-dspelley (August 16, 2011, 08:18 AM)

Very nice find!  That's the winner right there.  I don't think we need to look any further.

[Steven Avery]

Hi,

Thanks. Good stuff to look at. I remember when we discussed why it was so hard for security software to pin culprits. And how I scanned the file dates to see what happened the day-time a .dll was put in that was causing an alarm.  (Turned out to be a proper .dll from an install of a good program that alarmed the virus program because of an obscure hook.)

Here is the XP equivalent to Stoics link
http://support.microsoft.com/kb/310399

Don't see a Windows 7 equivalent on a quick check.

Without having checked, I wonder if any of the products above are using this Windows auditing feature, and then formatting, etc.

Shalom,
Steven Avery

[superboyac]

Without having checked, I wonder if any of the products above are using this Windows auditing feature, and then formatting, etc.

-Steven Avery (August 17, 2011, 10:47 AM)

I was thinking the same thing.  Good to hear from you!

[tomos]

Here is the XP equivalent to Stoics link
http://support.microsoft.com/kb/310399

Don't see a Windows 7 equivalent on a quick check.

-Steven Avery (August 17, 2011, 10:47 AM)

me neither,
anyone know if this available for win 7?

[Stoic Joker]

Long as you're not using a Home Edition (feature is stripped out), it should be much the same as the basics don't change.