We are utilizing the DIRSCAN probe to monitor for changes made to any files within a specific directory. We configured the "Directory Age" option within the DIRSCAN probe. When changes are made in a specific directory, UIM will trigger an event and notify us that there have been changes to the directory. When changes are made to files within a sub-directory of a monitored directory, no event is triggered. This is due to the way Microsoft handles the updating of directory timestamps when files are modified.
As one workaround, we can specify individual directories, but when directories start having hundreds of sub-directories, with even more sub-directories below them, monitoring becomes a nightmare. Another workaround is to use the "Age of File" option to monitor for changes, as it will check all files recursively. The issue is that where we could have one event logged, we might now possibly sit with hundreds of events, which increases the workload on our admins.
We are not concerned with what is changed in a directory, as long as we can identify that there were changes made. As such, we would like to see the DIRSCAN probe run recursively through a directory and sub-directory structure to monitor for changes to files using the "Directory Age" option.
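The behaviour requested above, sketched as an added example that is not part of the original post and is not DIRSCAN code: walk the whole tree, take the newest modification time found, and raise a single event for the monitored root instead of one per file. The function names and the sample tree are hypothetical and constructed for illustration.

```python
import os
import tempfile
import time

def newest_change(root):
    """Return (mtime, path) of the most recently modified entry under root."""
    newest = (os.stat(root).st_mtime, root)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                mtime = os.lstat(path).st_mtime
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            if mtime > newest[0]:
                newest = (mtime, path)
    return newest

def directory_event(root, baseline):
    """Return ONE event for the whole tree if anything is newer than baseline."""
    mtime, path = newest_change(root)
    if mtime <= baseline:
        return None
    return {"root": root, "newest_path": path, "newest_mtime": mtime}

def demo():
    """Constructed sample tree: edit a file two levels down, compare both checks."""
    with tempfile.TemporaryDirectory() as root:
        sub = os.path.join(root, "a", "b")
        os.makedirs(sub)
        target = os.path.join(sub, "config.txt")
        with open(target, "w") as fh:
            fh.write("v1")
        old = time.time() - 3600          # pretend the tree was last touched an hour ago
        for dirpath, dirnames, filenames in os.walk(root):
            for name in dirnames + filenames:
                os.utime(os.path.join(dirpath, name), (old, old))
        os.utime(root, (old, old))
        baseline = old + 1                # time of the previous scan
        with open(target, "w") as fh:     # in-place edit: no directory entry changes
            fh.write("v2")
        top_level_changed = os.stat(root).st_mtime > baseline
        event = directory_event(root, baseline)
        rel = os.path.relpath(event["newest_path"], root) if event else None
        return top_level_changed, rel

if __name__ == "__main__":
    print(demo())
```

The top-level timestamp check misses the edit, while the recursive scan reports it once and names the newest path, which gives admins a starting point without an event per file.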