File Watcher for Windows
Version: 1.0
User Manual
Table of contents
UNC
Path Names Not Accepted on Windows NT 4.0 Computers
Multiple
Created Events Generated for a Single Action
Unexpected
Events Generated on Directories
Steve Lohja & Associates
ALL RIGHTS RESERVED
Steve
Lohja
4754
N. Keystone
Email:
slohja@lohja-associates.com
Introduction
You use the File Watcher application to monitor a file system and react when changes to the directories or files it contains occur. This makes it possible for you to quickly and easily launch business processes when certain files or directories are created, modified, or deleted. For example, suppose you and a group of coworkers are collaborating on a document that is stored on a shared directory on your server. Using File Watcher, you can program your application to watch for changes to the contents of that shared directory. When a change is detected, the component can run procedures that notify each of the group members via e-mail.
Note File Watcher is designed to watch for changes within a directory, not to changes to the root directory's attributes themselves. For example, if you are watching a directory called c:\ftp, the component will monitor changes within the directory but not changes to the root directory itself.
You can configure File Watcher to watch either an entire directory and its contents or a specific file or set of files within a given directory. The File Watcher raises an event whenever a file or subdirectory within the specified root directory is created, deleted, renamed, or changed in some other way. The types of changes that the component monitors include changes in the file's or subdirectory's attributes, size, last write time, last access time, and security settings.
Security Note A denial-of-service attack is possible if a malicious program gains access to a directory your File Watcher is monitoring and generates so many changes that the component cannot manage them. Use access control lists properly to reduce the risk of a denial-of-service attack.
When changes occur within a root directory or to a file your application is monitoring, one or more events are raised, File Watcher gives you access to the following events:
- Created — raised whenever a directory or file is created.
- Deleted — raised whenever a directory or file is deleted.
- Renamed — raised whenever the name of a directory or file is changed.
- Changed — raised whenever changes are made to the size, system attributes, last write time, last access time, or security permissions of a directory or file.
Note Although some common occurrences, such as copying or moving a file, do not correspond directly to an event, these occurrences do cause events to be raised. When you copy a file, the system raises a Created event in the directory to which the file was copied but does not raise any events in the original directory. When you move a file, the server raises two events: a Deleted event in the source directory, followed by a Created event in the target directory.
Each change to a file in a directory raises a separate event. If a user makes multiple changes to a single file, the application raises a separate event for each change. For example, if you are watching a directory that contains five files and the security permissions for all of the files suddenly change, you will receive five Changed events. If the user renames and assigns new security permissions to each of those files, you will receive 10 event notifications — a Changed event and a Renamed event for each of the five files.
Use and
Distribution
You may use the Demo version. But there are limitations. The DEMO is
fully functional for 30 days. When the program expires, it will simply not do
anything but log expiration status to the logs. This software is sold per
server license. Corporate license’s available.
Visit http://www.lohja-associates.com/
to license your copy.
Installation
Download http://www.lohja-associates.com/filewatch/watchdemo.zip.
Extract contents of files into a temporary folder. Execute setup.exe and then
follow the menu prompts.
File Watcher uses InstallShield and Microsoft Installer.
File Watcher is also dependent on the Microsoft .NET Framework version
1.1 or greater.
Un-Installation
Use the Add/Remove Programs in MS Windows. Then delete any log files generated after the
install.
Configuration
File Watcher comes with a Management Console. It is located at c:\program files\lohja\filewatch\File
Watch Console.exe by default.
File Watcher Service
The service is installed using the “Local System” account. This account only has access to the local
computer File Watcher is installed on.
If you want to monitor network drives, simply configure the File Watcher
service to log on as a valid user account with rights to the share.
The service is installed without “Interact with desktop”. The program you execute will never be
displayed on the desktop but can be found in the Task List. Be sure the program you launch terminates
itself at some point or else it will run indefinitely. Be sure the program you launch never waits
for a user response.
When ever making changes in the File Watcher console, be sure to save
them before closing it. Clicking Start
automatically saves current settings.
You must Stop and Start File Watcher before new settings will take
effect.
Workflow
When the Service starts,
it reads settings then launches 6 independent threads in serial. These six independent threads monitor the O/S
file events working independently from each other – once loaded successfully. When a file system event is raised in your
directory, File Watcher will then execute all actions you have enabled. After all actions are executed by queue
monitor then it goes to sleep waiting for the next event.
File Monitor Settings
The Include Subdirectories setting indicates whether subdirectories within the root directory should be monitored. If the property is checked, File Watcher watches for the same changes in the subdirectories as it does within the main directory the component is watching.
For each of these events, you can define up to three actions that automatically execute when a change occurs.
Email Message Tab
Run Program
Toggle Service
SMTP
Settings
Logging
Filewatch.log
Log file: c:\program files\lohja\filewatch\Filewatch.log. This log file
is not purged every time File Watcher’s service starts. This file contains
application and directory information. It is a good idea to use this for the
message body when email is enabled.
Example filewatch1.log:
Troubleshooting
UNC Path Names Not Accepted on Windows NT 4.0 Computers
On a Windows NT version 4.0 computer and trying to set its path to monitor file system activity on a different Windows NT version 4.0 computer, you will not be able to specify a UNC-based path value in the Path property to point to the computer in question. You can only set UNC-based values when working on Windows 2000 computers.
Multiple Created Events Generated for a Single Action
You may notice in certain situations that a single creation event generates multiple Created events that are handled by your component. if you are monitoring the creation of new files in a directory, and then test it by using Notepad to create a file, you may see two Created events generated even though only a single file was created. This is because Notepad performs multiple file system actions during the writing process. Notepad writes to the disk in batches that create the content of the file and then the file attributes. Other applications may perform in the same manner. Because File Watcher monitors the operating system activities, all events that these applications fire will be picked up.
Note Notepad may also cause other interesting event generations. For example, if you use File Watcher to to watch only for attribute changes, and then you write to a file in the directory you are watching using Notepad, you will raise an event . This is because Notepad updates the Archived attribute for the file during this operation.
Unexpected Events Generated on Directories
Changing a file within a directory you are monitoring with a FileSystemWatcher component generates not only a Changed event on the file but also a similar event for the directory itself. This is because the directory maintains several types of information for each file it contains — the names and sizes of files, their modification dates, attributes, and so on. Whenever one of these attributes changes, a change is associated with the directory as well.