The File Event Monitor is designed to monitor multiple aspects of any file on your Windows-based systems. The monitor can look at a wide range of aspects, like file size, file presence, specific textual items present or absent from the file, et cetera.
The File Event Monitor detects changes to a file over time, allowing you to constantly be informed on what has changed since the last run. This tutorial will teach you how to set up a File Event Monitor as well as how to tailor its configuration to your needs.
In the Event Monitors section of FrameFlow, right-click on the folder you would like your new event monitor to be in. Select "Add Event Monitor", and search through the list of monitors that appears until you find "File Event Monitor". When you select this monitor, you may notice that there are other event monitors with similar names. This tutorial is concerned only with the File Event Monitor, which is designed for Windows systems.
In the File Event Monitor settings, you can modify the name of the event monitor and add a description. Use the device chooser to add the devices you would like to monitor files from. To choose a file within the devices to monitor, enter the file's full UNC path. Use the token [devicename] in place of the actual device name. When the event monitor runs, it will replace [devicename] with each of your selected network devices as it checks each one. This allows you to monitor files with the same name across multiple devices. If the files you want to monitor have different names, they require a separate event monitor.
The checkboxes above are standard alert parameters. You can select alert levels for a wide range of things to do with the file you're monitoring. There are alert settings for when the device cannot be reached, for if the file is missing or present, for changes in the file size and contents, and more. Over time, and with a bit of experimentation, you will find what settings work best for your file monitoring configuration.
For example, if your system has a separate log file created in the event of some error condition, you can set up a File Event Monitor to alert you if that error log file ever shows up. If you have a log file that is supposed to update on a set interval, you can be alerted if it has not been updated by telling the monitor to alert you if the size of the target file has stayed the same since the last run. These settings are extremely flexible, giving you the ability to monitor virtually any change to any file on your network devices.
Expanding the check box called "Check the Contents of the File" reveals an entire subset of advanced options. These options allow the event monitor to look within the file. With the first option, you can choose to be alerted if the monitor finds a certain line of text in the file. There are options underneath this check box that allow you to see what line the text was found on, and also to contextualize the target text by including a few lines before and after it in the error message.
Note that you can also use regular expressions in the text box when you turn this option on. The check box called "Do not alert if the same line contains" is an additional filter that will omit any instance of your target text from triggering an alert if it also contains the text you add in this box. If you were only interested in being alerted about one specific error condition, this option may help filter out the undesired notifications.
You can also be alerted if a certain piece of text is NOT present in your file. If your system was meant to perform a check and the word "checked" was not found in the file, for example, this option would alert you to the possibility that the check did not take place. You can use regular expressions here, as well.
Most commonly, you will always want to enable the check box labeled "Only check for text that is new since the last check". Otherwise, every run the event monitor does will raise the same alerts. With this box checked, the event monitor will remember where it left off and only alert based on pieces of text that are new since the last run.
Underneath this, you can choose to be alerted if the file size has shrunk since the last check, in which case the event monitor will alert you, then monitor the file from the beginning to the end. Subsequent runs will only check the new text, as before.
With the "Enable date/time tokens in the file name" box checked, you can use tokens to log files based on date or time. The event monitor will replace the tokens with the current date and time automatically when it runs. It doesn't matter what month/day/year format your files use, as there is a token for each one.
If your target file changes daily from "event-log-2020-09-31" to "event-log-2020-10-01", you would simply replace those dates in the file path with tokens. It would become "event-log-%%YYYY%%-%%MMZ%%-%%DDZ%%". Note that in this example, the file's dating system uses a four-digit year and single-digit months and days are preceded by a zero. The corresponding tokens were used, which is important for proper file detection.
Below is a complete list of tokens and how to use them.
After all this, of course, you will need to select an authentication profile to be used with your new event monitor. It needs to have sufficient authentication to access the file being monitored through FrameFlow.
This tutorial showed you how to set up a File Event Monitor and tailor it to your specific file monitoring needs. We showed you how to receive alerts based on external file attributes, as well as advanced options that allow you to check within a file for certain things. The tutorial also covers how to use date and time tokens to monitor a daily or hourly log file automatically. Refer to our File Event Monitor reference guide for more documentation on this event monitor. Stay tuned for new tutorials on related subjects!
More IT Monitoring Features