How can I track who is saving large files to the network?

Posted on 2008-06-18
Last Modified: 2010-04-18
I need a way to monitor our network drives so that when someone saves a large amount of data to them we get either an alert or some sort of log that we can view. The key thing is that we need to know who has saved the data.
The problem that we are having is that we will have say 10GB left on one of the network shares. Someone will then try and save data to it totalling 12GB. When the drive runs out of space the user will realise its their data that has caused the problem and delete it.
We have monitoring software in place that alerts us when the drive space is running low (goes below 2 GB) but by the time we logon and search the drive the user has already deleted what they saved so we are unable to find out who it was.

If we need to buy software to do this that is fine but if there is another way that would be good.

Shared drives are on Windows Server 2003.
Client computers running a mix of Windows 2K and XP.

Question by:Kronax
  • 3
LVL 38

Expert Comment

ID: 21830847
Have you looked at the Windows Server Event Logs to see whether the alert signalling the drive capacity issue give any more detail as to the origins of the process that caused the error situation?

Does your monitoring software have the option or capability of creating verbose enough logs to give that level of detail?

Author Comment

ID: 21832057
I have looked into the event logs but could not find any alerts listed when the shared drive runs out of space.

Our current monitoring software is fairly basic and only monitors the amount of space available on the share. I have tried searching for other products but have been unable to find any that do anything other that monitor drive space, file types and file access. Most will not record the user who has made the change. I have found one that will but it records every change that happens on the drives so you end up with a massive log file. Unfortuantely it does not offer any option to filter it by size or any other usefull parameters.
LVL 38

Accepted Solution

BillDL earned 500 total points
ID: 21833007

Just a thought.  If the program that creates the massive log files is able to export to ascii text, then maybe you could compile an "AutoIT3" script to *.exe file and schedule it to perform the following sequence at regular intervals:

1. Export the accumulated log to *.txt and then clear it (if that option exists)
2. Run a FIND command on the log file for instances of whatever alert is logged, and output the relevant lines to a much smaller analysis *.txt file
3. Delete that exported log file
5. email the user with an advisory note or set a logon notice for that user.

The bulk of the AutoIT script could be written using the wizard interface and going through each step live to generate the simulated keystroke call functions of the script as you go.

Here's an example tutorial:

Worth experimenting with, or too elaborate?
LVL 38

Expert Comment

ID: 22831344
Thank you Kronax

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
backup strategy concern 5 99
replace a Storage 5 97
Server backups 5 59
Windows server 2012 R2 Cluster node validation failed(storage) 6 37
Create your own, high-performance VM backup appliance by installing NAKIVO Backup & Replication directly onto a Synology NAS!
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This video teaches viewers how to encrypt an external drive that requires a password to read and edit the drive. All tasks are done in Disk Utility. Plug in the external drive you wish to encrypt: Make sure all previous data on the drive has been …
This Micro Tutorial will teach you how to reformat your flash drive. Sometimes your flash drive may have issues carrying files so this will completely restore it to manufacturing settings. Make sure to backup all files before reformatting. This w…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question