Solved

Need to monitor file activity (without scanning with FindFirst)

Posted on 2009-05-05
8
673 Views
Last Modified: 2013-11-23
I need to monitor and log file activity in a directory tree for a timesheets program. My old version simply scanned the entire tree and logged the file info that had changed (either created or modified). However, this is becoming unworkable due to the ever expanding tree. Is there a way to link into some notification mechanism so that my app could stop the periodic (and now time-consuming) scans. I'd like to have it behave like the Windows Explorer which somehow knows that a new file has been added to a folder and uses that notification to update its file list.
0
Comment
Question by:BradKilmer
  • 3
  • 3
8 Comments
 
LVL 13

Expert Comment

by:ThievingSix
ID: 24311017
0
 

Author Comment

by:BradKilmer
ID: 24311287
Oops. I take it back. That's not what I'm looking to do. I downloaded and installed the TSHChangeNotify component and did a few file operations within Windows Explorer and they were logged as expected. I thought that was the answer; however, I was wanting to receive notifications whenever ANY application modified files within a specified tree. I want to log the name all files being created/deleted/modified by any app; the only event logged by this component when a non-shell file operation is performed is the UpdateDir (and that's only when you have the Windows Explorer opened to the folder where the affected files reside, and I've already observed 2 failures to log even that).
Still looking...
0
 
LVL 13

Expert Comment

by:ThievingSix
ID: 24311322
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:BradKilmer
ID: 24311665
That's closer. The events are fired when the specified changes occur (from any app), but I need to get the file names that trigger the change events; I can't see where the filename information is accessible at any point during the event processing. Therefore, I would still have to scan the directory tree being monitored to see what change triggered the event: scanning the directory tree brings me back to square one (that's what I'm trying to get away from). Thanks for your help, but I'm thinking that my best option is to optimize my existing code so that scans the directory tree in short bursts and stops locking up the main VCL thread for tens of seconds at a time; it doesn't have to scan that rapidly, just constantly.

Thanks
BK
0
 
LVL 13

Accepted Solution

by:
ThievingSix earned 500 total points
ID: 24311877
Alright, I got it!

http://www.torry.net/vcl/filedrv/notification/urdirmonitoring.zip

That download will give you the file DirMonitoring_d5.dpk. Open it to install the component.

For me the requires for it were not correct.

I saw:

requires
  vcl50,
  Vclx50;

I needed to remove the "50" from each for it to work. I ran the demo application and watched C:\ and renamed a file from the explorer and from another program. Should work.
0
 

Author Comment

by:BradKilmer
ID: 24315333
PERFECT!
Thanks!
BK
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Can I legally transfer my OEM version of Windows to another PC?  (AKA - Can I put a new systemboard in my OEM PC?) Few of us are both IT and legal experts but we all have our own views of Microsoft's licensing rules and how they apply.  There are…
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
The viewer will learn how to synchronize PHP projects with a remote server in NetBeans IDE 8.0 for Windows.
The viewer will learn how to use and create new code templates in NetBeans IDE 8.0 for Windows.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now