How to Log File Reads on Server Share

I am hoping to create a Windows Service that logs file reads on a server share. Unfortunately, the FileWatcher class only traps Changed, Created, Deleted and Renamed events. I am currently investigating Windows Messaging to see if this offers any possibilities. Any suggestions as to how to approach this problem would be greatly appreciated.

Please advise if there is a more appropriate forum for this question.




  • GerryT

    Thank you for your timely response Optikal.

    I am aware of Filemon. I need to create a Windows Service that will be distributed under license to our clients. It will integrate with an existing product and provide a very specific monitoring function - to continuously log the reads of specific files in specific folders. The logs will then be used to generate usage reports.

    So, a third-party executable will not suffice. A royalty-free third-party component (.NET/ActiveX) could work if it is stable and proven. The only candidate after endless searches is a component called xDiskSpy by Alessandro Valenti. However, the component no longer appears to be available or commercially supported.

    Referring to the FileMon documentation,

    "On Windows NT the heart of FileMon is a file system driver that creates and attaches filter device objects to target file system device objects so that FileMon will see all IRPs and FastIO requests directed at drives. When FileMon sees an open, create or close call, it updates an internal hash table that serves as the mapping between internal file handles and file path names. Whenever it sees calls that are handle based, it looks up the handle in the hash table to obtain the full name for display."

    It would seem an approach like this may be necessary to detect file reads. I was hoping that a more straightforward approach may be possible.

    Our strong preference is to create our own code or, failing that, to use a component (ideally .NET) from a major vendor.


  • Rohit Tela

    The Filemon utility from SysInternals does all this for you; you might just be able to use that (the enterprise version can spit it out to a log file, I believe).

    http://www.sysinternals.com/Utilities/Filemon.html


  • cjarvis

    Hi there.

    Windows does this for you and logs such events in the security event log. Make sure you have auditing set up on the folder you want to monitor.

    Hope it helps.
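
The auditing approach from the answer above, as an added example that is not part of the original thread: it puts a read-only audit entry (SACL) on one folder and lists the resulting read events from the Security log. It assumes Windows Server 2008 or later (event ID 4663, `auditpol`) and an elevated session; the folder path, the `Everyone` principal and the 5000-event limit are placeholders.

```powershell
# Added example: audit file reads on one folder, then list them from the Security log.
# Run elevated. $folder is a placeholder path (assumption), not a value from the thread.
$folder = 'D:\Shares\Reports'

# 1. Enable success auditing for the "File System" audit subcategory.
auditpol /set /subcategory:"File System" /success:enable | Out-Null

# 2. Add a SACL entry that audits successful ReadData by anyone.
#    ObjectInherit + InheritOnly applies it to files in this folder and below,
#    not to the folders themselves, so directory listings are not logged.
$acl  = Get-Acl -Path $folder -Audit
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone', 'ReadData', 'ObjectInherit', 'InheritOnly', 'Success')
$acl.AddAuditRule($rule)
Set-Acl -Path $folder -AclObject $acl

# 3. Read event 4663 ("An attempt was made to access an object") and keep only
#    ReadData (access mask bit 0x1) on files under $folder.
$prefix = $folder.TrimEnd('\') + '\'
$filter = @{ LogName = 'Security'; Id = 4663 }
$reads  = Get-WinEvent -FilterHashtable $filter -MaxEvents 5000 -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten the <EventData><Data Name="..."> elements into a hashtable.
        $data = @{}
        foreach ($node in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$node.Name] = $node.'#text'
        }
        $name = [string]$data['ObjectName']
        $mask = [Convert]::ToInt32([string]$data['AccessMask'], 16)
        if (($mask -band 0x1) -and
            $name.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) {
            [pscustomobject]@{
                Time    = $_.TimeCreated
                User    = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
                File    = $name
                Process = $data['ProcessName']
            }
        }
    }

$reads | Sort-Object Time | Format-Table -AutoSize
```

Limiting the audit entry to `ReadData` on the specific folder, rather than auditing all access, is what keeps the number of Security log entries proportional to actual file reads.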



  • N. Gama

    Hi ahmedilyas

    Thank you for your response.

    We are aware of auditing capabilities. However, our clients are not going to be happy if we flood the security log with hundreds of thousands of file access events.

    Also:-

    • Before we write to the log we had intended to do some processing, basically mapping the filename against local metadata files to write out intelligent data. The trouble with doing this after the fact is that the metadata files may have changed (via a Live Update process) in the interim.
    • We want the daily log files to be maintained for monthly processing.
    • We had also wanted to integrate this service with an existing application that is installed on the server.

