IBM Support

Monitoring file age in a specified directory using the Windows OS agent

Technical Blog Post


Abstract

Monitoring file age in a specified directory using the Windows OS agent

Body

Administrators working in the monitoring area often receive requests to create alerts for stale files (files that have resided in a specific directory for a long time).

This may be requested in scenarios where an application dynamically creates and deletes files in a directory, and a file older than a specified interval might indicate a malfunction or an unexpected condition.

This can be done easily with the Windows OS Agent using the File Trend attribute group, as described in this technote:

http://www-01.ibm.com/support/docview.wss?uid=swg21393829

However, this solution is applicable only if you want to monitor single files and you know the names of the monitored files.
In fact, you need to provide both the Watch Directory and Watch File attributes in the situation formula.

Both the File Trend and File Change attribute groups, which are the ones we usually look at for such requests, have some limitations:

1) More than one row in the situation formula (that is, defining an OR condition) is not supported for either File Trend or File Change.
The manual says:
"Any query and situation must contain only one row of filter data in the situations formula.
If more than one row is provided the results are undefined"

2) If you need to use a timestamp comparison filter (e.g. Date Time Created <= Local_Time.Timestamp - 1S) with the File Change attribute group, it will not work, because the attribute group is not interval driven; it is an event-driven attribute group.
This means that the situation is not executed at specific intervals. It is evaluated instantly when the OS reports any change in the directory or file.
So doing a time comparison on this attribute group does not make sense, because the comparison is not repeated periodically.
The File Trend attribute group, by contrast, is interval driven: data collection is executed periodically. However, it does not allow the evaluation to be performed on specific file attributes and, even more importantly, it requires the Watch File attribute to be specified.
So you could use File Trend for your purpose, but you would need to know the real file name, because wildcards and the SCAN function are not supported on this attribute group.

What can you do if you don't know the names of the files, or if you need to monitor multiple files?

There is a valid alternative that does not rely on other solutions or external agents.
You can use the Scripting feature available with the Windows OS Agent to write your own script to monitor the desired directory.

http://www-01.ibm.com/support/docview.wss?uid=swg21960062

You can create a script that lists the contents of the directory and, for each file, checks the modification time by comparing it with the current time.
If the difference exceeds a specific value, the script can write to its output the name of the file and the modification time, plus any other information you would like shown on the TEP client.

The output from the script is shown in the attributes available for the scripting feature, and you can then run situations on them.

 

The code below is a sample PowerShell script that can be used to retrieve files from a directory having LastWriteTime older than 20 minutes.

-----------------------------------------------------------------------------------

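# Directory to monitor and the age limit (20 minutes before now)
$path = "C:\monitoredDir"
$limit = (Get-Date).AddMinutes(-20)

# -File already excludes directories. The filter tests CreationTime;
# test LastWriteTime instead to measure age since the last modification.
Get-ChildItem -Path $path -Recurse -File |
    Where-Object { $_.CreationTime -lt $limit } |
    Group-Object -Property Name |
    ForEach-Object {
        # A group holds every file with this name (-Recurse can find several);
        # write one "Name|LastWriteTime" line per file.
        foreach ($file in $_.Group) {
            @($file.Name, $file.LastWriteTime) -join '|'
        }
    }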

-----------------------------------------------------------------------------------
The contents of monitoredDir are checked when the script is executed, and if any file has a Creation Time exceeding the limit, the file name and the LastWriteTime properties are written to the output, separated by a "|".
By putting this code in a PowerShell script, you can invoke it from the Windows OS Agent scripting feature and execute it at regular intervals.
The output of the script is parsed by the scripting feature, since you can tell it how to parse the output data (in this case, by the "|" character used in the script to join the grouped data).
The data is then shown on TEP and can also be used in situations.
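
As an added example (not part of the original post or of IBM's documentation), the script below is a variant of the sample above that measures age from LastWriteTime and reports a missing or partly unreadable directory as an explicit row instead of empty output, so a broken check cannot pass for "no stale files". The function name, its parameters, the four-column layout and the STALE/ERROR status values are assumptions made for this illustration.

```powershell
# Added example. Function name, parameters, column layout and the
# STALE/ERROR status values are illustrative assumptions.
function Get-StaleFileRow {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [int] $MaxAgeMinutes = 20,
        [ValidateNotNullOrEmpty()] [string] $Delimiter = '|'
    )

    # Columns: Status | Path | Detail | AgeMinutes
    # A missing directory must not look like "no stale files".
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        return (@('ERROR', $Path, 'directory not found', -1) -join $Delimiter)
    }

    $now = Get-Date
    $unreadable = @()
    $files = Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue -ErrorVariable unreadable

    foreach ($file in $files) {
        # Age since the last modification, in whole minutes.
        $age = [int][math]::Floor(($now - $file.LastWriteTime).TotalMinutes)
        if ($age -lt $MaxAgeMinutes) { continue }

        # '|' cannot occur in a Windows file name, but another delimiter could:
        # replace it so every row keeps four columns.
        $name = $file.FullName.Replace($Delimiter, '_')
        # Fixed timestamp format, independent of the locale of the account running the script.
        $stamp = $file.LastWriteTime.ToString('yyyy-MM-dd HH:mm:ss', [cultureinfo]::InvariantCulture)
        @('STALE', $name, $stamp, $age) -join $Delimiter
    }

    # Items that could not be listed are reported, not silently skipped.
    if ($unreadable.Count -gt 0) {
        @('ERROR', $Path, "unreadable items: $($unreadable.Count)", -1) -join $Delimiter
    }
}

Get-StaleFileRow -Path 'C:\monitoredDir' -MaxAgeMinutes 20
```

Because ERROR rows use the same column layout as STALE rows, the same "|" parsing applies to both, and a situation can test the first column as well as the age.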

 

Hope this can help you in similar scenarios.

Thanks for reading.

 


UID

ibm11085217