To add a directory, click the + icon in the "File Monitoring" section which will bring up the "Add / Edit Monitored Folder" dialog. This dialog lets you specify
•Which directory to monitor
•Which files to monitor inside the directory
•Which attributes/properties to monitor
•Whether you would like to generate event log alerts upon changes
•Whether to record changes in the database
The directory specified in the Folder field will be monitored, the Browse button can be used to browse to a local folder; environment variables such as %SYSTEMROOT% are supported. Specifying a UNC path such as \\Server1\Folder1 is NOT SUPPORTED, you must use the real directory of the network share, such as C:\Payroll. The "Include Sub Directories" option enables monitoring of files and folder in sub directories of the specified directory.
Files
By default, the agent will monitor all files in the specified directory, but you can customize how files are monitored in the specified directory. You can either monitor all files and exclude a subset of files, or only monitor a certain set of files based on extension, file name or sub folder.
Entries in the file list can also be excluded by preceding them with the exclamation mark !. For example, the following configuration will monitor all .exe and .sys files along with the hosts & lmhosts file in the %SYSTEMROOT%\system32 directory but exclude all files in the %SYSTEMROOT%\system32\drivers\wd directory.
Include all files in the selected folder, except for exclusion below
This setting will monitor all files in the selected folder, with the exception of files and/or wildcards listed in the "Exclusions" list. As such, click the + and - icons to add and remove files or patterns that should be excluded from monitoring.
Only monitor files that are included below
Only monitors a particular set of files in the specified directory. Click + and - icons to add and remove files or patterns that should be monitored. For example, to monitor all executable files in a directory, click the + icon and enter *.exe.
File names and paths need to be specified relative to the monitored folder. For example, if you are monitoring the folder C:\Logfiles, but want to exclude any file in the Temp sub directory (C:\Logfiles\Temp), then you would need to specify the filter as Temp\*.*. |
Monitor the following changes
Detect File Additions: Detects when new files are added to the directory
Detect File Deletions: Detects when files are deleted from the directory
Detect File Checksum Changes: Detects when the checksum of a file changes, using a 256-bit SHA checksum
Detect File Size Increases: Detects when the size of a file increased
Detect File Size Decreases: Detects when the size of a file decreased
Alerts
You can have the agent log an event to the application event log when a change has been detected, and you can track all changes in a selected database.
Log to Event Log as: Logs changes to the application event log with the specified severity, see Event Log for more details on events that can be logged by this feature.
Log as INFORMATION event if digital signature is valid: EventSentry can verify the digital signature of files and adjust the event severity automatically if a file has a valid signature. This can reduce the noise from file monitoring events by automatically suppressing events from files that are deemed legitimate.
Log to Database: Records changes to the database selected in the parent dialog.
Include file entropy: Enabling this option will calculate and store the entropy of each file in the database.