Security Basics mailing list archives
re: File Monitoring Program
From: H C <keydet89 () yahoo com>
Date: Thu, 12 Dec 2002 05:47:26 -0800 (PST)
Basically, I would like to know if anyone knows of a
program that can monitor file activity, from an .exe
down to the .dll that will show the time/date of activity and the username/login name of the person attempting to access the file. If it could be
configured
to only monitor a certain drive or even a certain
folder
that would be great.
Go here: http://patriot.net/~carvdawg/perl.html The script you're looking for is FSW.pl...File System Watcher. This script provides the core of the functionality you're asking for. Additions such as Win32::Daemon (from Dave Roth) and Net::Syslog will allow you to create a Win32 service that logs to a remote system via syslog. Of course, other modules will allow you to add/create more robust features, such as TCP-based logging w/ encryption, etc. Use of the Win32::API module will allow you to check for the addition of NTFS alternate data streams, and use of other functions will allow you to get the list of logged on users when a File Event is detected. The use of Perl2Exe will provide a standalone EXE file, as well. If this is something you're interested in, let me know... __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
Current thread:
- File Monitoring Program oc (Dec 11)
- Re: File Monitoring Program Glen Boyd (Dec 12)
- Re: File Monitoring Program Gene (Dec 13)
- <Possible follow-ups>
- RE: File Monitoring Program Bruyere, Michel (Dec 12)
- RE: File Monitoring Program Anthony, Shayla (Dec 12)
- RE: File Monitoring Program Donald V. Gerkin Jr. (Dec 13)
- Re: File Monitoring Program Gene (Dec 13)
- RE: File Monitoring Program Will Munkara-Kerr (Dec 12)
- RE: File Monitoring Program Andy Streule (Dec 12)
- re: File Monitoring Program H C (Dec 12)
- Re: File Monitoring Program H C (Dec 13)
- Re: File Monitoring Program Peter Howard (Dec 16)
- Re: File Monitoring Program Richard H. Cotterell (Dec 16)
- RE: File Monitoring Program Anthony, Shayla (Dec 16)