rvaldivia
asked on
Notification when a file is open
Well this is a long story. The problem is that some guys at work have started to read the event log of other computers looking for the "Net Send" messages received by other people, you know, that if you go to My Network Places/Entire Network/Directory/Computer
Having telling the story, what I need is to code a program that detects when someone has open a session in my computer to see the event log. I've noticed that when this happens I can see the session in Computer Management/ System Tools/Shared Folders/Sessions and an entry in Computer Management/ System Tools/Shared Folders/Open Files, this entry shows PIPE\EVENT-LOG as file name. So I suppose that since this is detected as a shared file opened then using the NetFileEnum Api, the PIPE\EVENT-LOG will be listed and I can identify it by the name. However, this will require the program to be a sort of demon that reads the shared files opened periodically, say every, 5 seconds. I do not see much of a problem on that because it is a very light process that will not affect my PC performance at all. However, I'd like to know if there is a way of generating a notification at the moment it happens.
Thanks a lot for any help.
Having telling the story, what I need is to code a program that detects when someone has open a session in my computer to see the event log. I've noticed that when this happens I can see the session in Computer Management/ System Tools/Shared Folders/Sessions and an entry in Computer Management/ System Tools/Shared Folders/Open Files, this entry shows PIPE\EVENT-LOG as file name. So I suppose that since this is detected as a shared file opened then using the NetFileEnum Api, the PIPE\EVENT-LOG will be listed and I can identify it by the name. However, this will require the program to be a sort of demon that reads the shared files opened periodically, say every, 5 seconds. I do not see much of a problem on that because it is a very light process that will not affect my PC performance at all. However, I'd like to know if there is a way of generating a notification at the moment it happens.
Thanks a lot for any help.
aikimark
an active firewall would be the better solution
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Aikimark and Codedk,
Thanks to both for the quick response.
Codedk,
I like both ideas: disabling the "Event Log" service and catching the intruder red handed. I'll tell my friends to disable this service. However, first, I'd like to know if disabling the "Event Log" might cause any unwanted side effect that could affect the system in some way or if it is 100% sure to do this. With regards to detecting the intruder, I already coded a program that detects open shared files and identifies the PIPE\EVENT-LOG "file" and sends "net send" message to the person accessing that file. However I believe that your solution is more straight forward and detects more things. So I'll give you the points. Thank you.
Ron.
Thanks to both for the quick response.
Codedk,
I like both ideas: disabling the "Event Log" service and catching the intruder red handed. I'll tell my friends to disable this service. However, first, I'd like to know if disabling the "Event Log" might cause any unwanted side effect that could affect the system in some way or if it is 100% sure to do this. With regards to detecting the intruder, I already coded a program that detects open shared files and identifies the PIPE\EVENT-LOG "file" and sends "net send" message to the person accessing that file. However I believe that your solution is more straight forward and detects more things. So I'll give you the points. Thank you.
Ron.
Yes i think its a clever approach and funny too.
Disabling Event Log is 100% safe. The only problem is if you want to see some log ... You want be able to see it. Just that.
If sometime you want to see a log of an error you can re-enable it and reproduce the error.
See the log...
Then disable it again :)
Disabling Event Log is 100% safe. The only problem is if you want to see some log ... You want be able to see it. Just that.
If sometime you want to see a log of an error you can re-enable it and reproduce the error.
See the log...
Then disable it again :)