Prerequisites for IBM Storage Defender sensor for Windows

Edit online

When you add an IBM® Storage Defender® sensor on the Windows machine, you must activate Update Sequence Number (USN) change journal to get alerts from volumes. The USN change journal provides a persistent log of all changes made to files on the volume. The USN journal must be active for the volumes that we want to monitor. The USN journal is generally active by default, but may not be for all volumes.

Before you begin

The SSH server from OpenSSH must be enabled on Windows server. For more information, see the Enable OpenSSH for Windows Server section in Get started with OpenSSH for Windows.

Procedure

To check and activate the USN change journal, complete the following steps:

To check if the USN change journal is active for a volume, issue the following command:
```
fsutil usn queryjournal <volume>
```
where, <volume> is the name of the volume that you want to check.
To activate the USN change journal for a volume, issue the following command:
```
fsutil usn createjournal <volume>
```
where, <volume> is the name of the volume that you want to activate.

Example

To check the e volume USN change journal is active or not:

C:\Users\Administrator>fsutil usn queryjournal e:

Error: The volume change journal is not active.

To check the c volume USN change journal is active or not:

C:\Users\Administrator>fsutil usn queryjournal c:

Usn Journal ID : 0x01dae174f4f0f9ef
     First Usn : 0x00000000b1000000
      Next Usn : 0x00000000b3401cc8

The output states that the USN change journal is active.

To activate the f volume USN change journal:

C:\Users\Administrator>fsutil usn createjournal f: