How do I trigger an action if a file is added/deleted from a directory?
There are several scenarios where you may want to monitor when files are added or deleted from a directory, and when this happens, trigger a particular action. In this specific example, a backup folder will be monitored for file deletions since files will regularly be added but not deleted, and an alert will be triggered to send a text message to the Backup Operator. Steps for this guide will be:
- Create, configure and assign a File Monitoring package
- Creating an Action to be triggered
- Create an Event Log Package and adding a filter to trigger an action after the file is deleted and assigning the package.
- Saving Configuration
- Test filters
1. Create, configure and assign File Monitoring package
Create a package by (1) right-clicking on System Health under Package tree and (2) click on Add Package. (3) Enter package name, for this example package, it was named "Backup Monitoring." Right-click on just created package and (5) Add (6) File Monitoring.
Creating a File Monitoring Package
When configuring the File Monitor package, (1) click on "+" to add a folder to monitor. At "Add / Edit monitored folder" windows, (2) click on the "Browse" button and select the folder to be monitored. (3) In this example, "Only monitor files that are included below" is used since we only want to monitor ZIP files and ignore any other files that could be generated, added, or removed to/from this folder. (4) Click on "+" to include a filter and (5) type "*.zip". (6) Click on OK.
Configuring the File Monitoring Package
Assign the package to the desired host by (1) right-clicking on the package (Backup Monitoring for this example) and (2) clicking on assign then (3) selecting the host
Assigning the File Monitoring Package
2. Creating an Action to be triggered
In this example we are going to send a text message via an email gateway. To create an action, (1) right-click over Actions in the configuration tree and (2) click on Add Action, (3) select Email, (4) choose an action name and (5) Click OK.
Creating an Action to be triggered
From the Action dialog, (1) Enter the sender or leave the default host-generated sender. (2) Click on the calculator to generate the email address for the SMS text alert (more information about sending SMS available here), more recipients can be added too. (3) Enter your company SMTP information as host, port, encryption, user and password.
*Note: The "Send Test Email" Button can be used to check if everything is correctly configured and that the SMS is received.
Configuring an Action to be triggered
3. Create an Event Log Package and add a filter to trigger an action after a file gets deleted.
An Event Log filter is required to trigger the alert. To do so, (1) Right Click on Event Logs inside the Package tree and (2) Add Package, (3) Enter Package name, ("Backup File Delete Alert" in this example), and (4) right-click over the newly added package and (5) select "Add filter.."
Creating an Event Log Package and Filter
In the event log filter windows, under action group (1), Click on the "+" button to add the action created in the previous steps. For this example, only the newly created action is selected, but multiple actions can be selected as well. (2) Click to select the "Send Text to Backup Operator" action.
(3) Filter configuration should be:
Log: Application
Event Severity: Warning
Filter Settings: Include
Details:
Event Source: EventSentry
Category: File Monitoring
Event ID: 12203
Note: Check the image below for an example of what the filter will look like.
(4) From Content Filters, click on "+" button, two filters will be added, (5) first based on insertion string match 1 to match the folder we selected, for this example:
*c:\root\backups*
Creating this content filter will limit alerts to only the monitored directory. (6) The second filter is to limit alerts to only when a file is deleted by using the following wildcard: *file*has*been*removed*
Configuring the Filter
The package must be assigned to host, (1) Right Click on the event log package that we just created, (2) Click on Assign then (3) select the host.
Assigning the event log package
4. Saving Configuration
From the top menu, (1) click home (2) and the save icon.
5. Testing filters
After saving the configuration, the filter can be tested by adding a ZIP file to the directory and then deleting or moving it. An event should be written in the Application log, and an SMS alert should be triggered.
Event Log Example
Example alert received on the phone
