DiskBoss Logo
Flexense Data Management Software

Real-Time Disk Change Monitor

DiskBoss Ultimate and DiskBoss Server include a real-time disk change monitor capable of detecting newly created, modified and deleted files. The real-time disk change monitor provides the user with the ability to monitor one or more disks or directories, detect all changes made in the monitored file systems, send E-Mail notifications, save HTML, PDF, XML, text and Excel CSV reports, export disk changes to an SQL database, automatically trigger DiskBoss file management operations and/or execute user-custom commands or batch files.

Disk Change Monitoring Command

The real-time disk change monitor allows one to monitor specific types of files or file groups using flexible file matching rules. In addition, the user is provided with the ability to execute pre-configured file management commands as actions triggered by a disk change monitoring operation. For example, a user-defined file synchronization command may be automatically triggered after each X changes in a disk or directory effectively providing real-time file synchronization capabilities.

Disk Change Monitoring Results

Finally, IT and storage administrators are provided with the ability to trigger file integrity monitoring operations based on real-time disk activities, automatically validate authenticity of critical system files, prevent malicious software from making any changes in the operating system files and ensure the security of critical production servers.

Configuring Disk Change Monitoring Commands

The most effective way to monitor changes in one or more disks or directories is to use DiskBoss Server, which runs in the background as a service and is capable of monitoring disks, saving reports and sending E-Mail notifications even when no one is logged in. In order to create a simple disk change monitoring command, start the DiskBoss client GUI application, press the 'Add' button located on the main toolbar, select the 'Disk Change Monitoring Command' menu item, enter a unique command name and press the 'Ok' button.

Add Disk Change Monitoring Command

On the command inputs dialog, add one or more disks or directories that should be monitored and press the 'Next' button. On the disk change monitoring command options dialog, select the types of file system changes that should be monitored and press the 'Save' button.

Disk Change Monitoring Command Options

By default, DiskBoss will monitor all types of file system changes, but the user is provided with the ability to customize various disk change monitoring options, specify which types of files to monitor, exclude specific subdirectories from the disk change monitoring process, configure disk change monitoring reports, E-Mail notifications and custom actions.

Reviewing Detected File System Changes

In order to review detected file system changes, open the DiskBoss client GUI application and click on the disk change monitoring command item. The disk change monitoring results dialog shows a list of detected file system changes and allows one to start, pause, resume and stop the disk change monitoring operation, display statistical charts, save various types of disk change monitoring reports and export detected file system changes to an SQL database.

File System Changes

The top view shows the list of detected file system changes. For each change, DiskBoss shows the date and time of the change, the type of the change (created, modified, renamed or deleted), the size of the modified file as recorded at the time of the change, the user name of the file owner, and the full file or directory name.

File System Changes Categories

The bottom view shows categories of detected file system changes according to the currently selected file categorization mode. By default, DiskBoss categorizes detected file system changes by the file extension and displays a list of file extensions sorted by the number of detected file system changes. In addition, the user is provided with the ability to categorize changes by the change type, user name, file size and file type.

Filtering File System Changes

The disk change monitor allows one to filter detected file system changes by the change type, file type, extension, file size, user name, etc. Use the categories combo box located on the left side of the categories control bar to select an appropriate file categorization mode.

Filter File System Changes

In order to filter changes using one or more filters, select the required file categorization mode, select one or more categories of changes, press the right mouse button and select the 'Apply Filters' menu item. The disk change monitor will update the change list and show file system changes matching the selected filters.

File System Changes Filter Active

Change filters may be enabled when the disk change monitor is active filtering and displaying matching file system changes in real-time. In order to reset active file filters, just press the 'Clear' button located on the right side of the categories control bar.

Disk Change Monitoring Charts

The DiskBoss real-time disk change monitor provides the ability to display various types of statistical pie charts and bars charts showing the number of changes per file extension, file category, change type and user name. In order to display a pie chart, open the disk change monitoring results dialog and press the 'Charts' button.

Disk Change Monitoring Chart Extensions

The charts dialog shows statistics according to the currently selected file categorization mode. For example, in order to display a pie chart showing the number of changes per change type, select the 'Categorize Changes Per Change Type' file categorization mode and then press the 'Charts' button.

Disk Change Monitoring Chart Change Types

The charts dialog provides the ability to display the number of changes per file category or the total size of changed files. In addition, the user is provided with the ability to edit chart properties, copy the chart image to the clipboard or print the displayed chart image.

Saving Disk Change Monitoring Reports

The DiskBoss disk change monitor allows one to save HTML, PDF, XML, text and Excel CSV reports. In order to save a report file press the 'Save' button located on the disk monitor results dialog, enter a report title, select an appropriate report format, enter the maximum number of changes to export, enter the report file name and press the 'Save' button.

Save Disk Change Monitoring Report

A typical report file includes a summary table showing the report date and time, the total number of file system changes that were detected, the number of changes exported to the report, the change rate, the process time and the status of the change filter. The change categories table shows up to 10 top change categories according to the currently selected file categorization mode. If the report is saved with one or more active file filters, the selected filters will be highlighted in the categories table and the change list will show changes matching the selected file filters.

Disk Change Monitoring HTML Report

The file categories table is followed by the list of detected file system changes. For each file system change, DiskBoss shows the date and time of the change, the change type (created, modified, renamed or deleted), the size of the file as recorded at the time of the change, the user name of the file owner and the full name of the changed file or directory.

Exporting Changes to an SQL Database

DiskBoss provides the ability to export detected file system changes to an SQL database. In order to be able to export changes to an SQL database, the user needs to configure the ODBC database interface on the main options dialog. Open the main options dialog, select the 'Database' tab, enable the ODBC database interface, enter the ODBC data source name, ODBC user name and ODBC password to use to connect to the SQL database and press the 'Verify' button to check the specified ODBC data source.

DiskBoss SQL Database Integration

Once finished configuring the ODBC database interface, open the disk change monitoring results dialog, select one or more detected file system changes, press the right mouse button and select the 'Export Changes To SQL Database' menu item. On the next dialog, enter the name of the SQL database table to export the selected changes to and press the 'Ok' button.

Exporting Changes to an SQL Database

If the specified SQL database table does not exist, DiskBoss will create a new SQL database table and export the selected file system changes to the newly created database table. If the specified SQL database table already exists, DiskBoss will add selected changes to the existing SQL database table.

Importing Data to Microsoft Excel

In order to import file system changes from an SQL database to Microsoft Excel, select the menu 'Data - Import External Data - New Database Query' menu item, select the ODBC data source to import the data from, select the SQL database table name that was specified during the export operation, select SQL database table columns to be imported, optionally select the data sorting mode and press the 'Finish' button.

File System Changes in Microsoft Excel

For each detected file system change, DiskBoss exports to the SQL database the following columns of data: a unique change ID, the date and time of the change, the type of the change (created, modified, renamed or deleted), the size of the file as recorded at the time of the change, the user name of the file owner and the full file or directory name.

Disk Change Monitoring E-Mail Notifications

DiskBoss provides the ability to send E-Mail notifications when a disk change monitoring operation detects a user-specified number of changes. In order to configure E-Mail notifications for a disk change monitoring command, open the disk change monitoring command options dialog, select the 'Actions' tab, enable disk change monitoring actions, specify the number of changes that should trigger the actions, enable E-Mail notifications and specify an E-Mail address to send E-Mail notifications to.

Disk Change Monitoring E-Mail Notifications

In addition, the user needs to configure an SMTP server to use to send E-Mail notifications. In order to configure the SMTP server, open the options dialog, select the 'E-Mail' tab, enable E-Mail notifications, specify the source E-Mail address, the SMTP server name, the SMTP server port, the SMTP user name and password to use to send E-Mail notifications.

DiskBoss E-Mail Notifications Configuration

Optionally, the user can send E-Mail notifications via a secured network connection using the TLS or SSL network protocols. Once finished configuring the SMTP server, press the 'Verify E-Mail Account' button to test the specified SMTP server name, user name and password.

Automatic Generation Of Disk Change Monitoring Reports

In addition to E-Mail notifications, the user is provided with the ability to automatically save disk change monitoring reports in a user-specified directory. In order to enable automatic report generation, open the disk change monitoring command dialog, select the 'Actions' tab, enable disk change monitoring actions, specify the number of changes that should trigger the monitoring actions, enable the report generation action, select an appropriate report format and specify a directory where to save disk change monitoring reports.

Disk Change Monitoring Reports

During runtime, DiskBoss will monitor the specified disks and directories and automatically save disk change monitoring reports in the specified directory every X file system changes as configured on the 'Actions' tab. Each report file will be saved with an automatically generated file name including the date and time of the report.

Disk Change Monitoring PDF Report

For each file system change in a report file, DiskBoss shows the date and time of the change, the change type (created, modified, renamed or deleted), the size of the file as recorded at the time of the change, the user name of the file owner and the full name of the changed file or directory.

Monitoring Specific File Types or File Categories

Active production servers may have a very high rate of disk changes resulting in very long disk change monitoring reports significantly complicating identification of critical file system changes and resulting in additional overhead on running, production systems. In order to minimize the number of unimportant file system changes recorded by a disk change monitoring operation, DiskBoss provides the ability to limit the disk change monitoring operation to user-specified types of files.

Disk Change Monitoring Rules

For example, the user may configure a disk change monitoring command to monitor only programs and executable files and exclude changes detected in all other types of files. In order to configure a disk change monitoring command to monitor specific types of files, open the disk change monitoring command options dialog, select the 'Rules' tab and add one or more file matching rules specifying which types of files to monitor. During runtime, the disk change monitor will evaluate detected file system changes and just skip all changes not matching the specified rules.

Negative Disk Change Monitoring Rules

Another option is to exclude specific types of files from the disk change monitoring process using one or more negative file matching rules. For example, in order to exclude temporary files from a disk change monitoring operation, add a file matching rule, select the 'Temporary Files' file category and select the 'Not Categorized As' rule operator. Now, the disk change monitoring operation will skip all temporary files from the disk change monitoring process.

Excluding Subdirectories from the Monitoring Process

Sometimes, it may be required to exclude one or more subdirectories from the disk change monitoring process. For example, if you need to monitor a disk excluding one or two special directories, you may specify the whole disk as an input directory and add the directories that should be skipped to the exclude list.

Disk Change Monitoring Exclude Directories

In order to add one or more subdirectories to the exclude list, open the disk change monitoring command dialog, select the 'Exclude' tab and press the 'Add' button. All files and subdirectories located in the specified exclude directory will be excluded from the disk change monitoring process. In addition, users are provided with a number of exclude directories macro commands allowing one to exclude multiple directories using a single macro command.

DiskBoss provides the following exclude directories macro commands:

  • $BEGINS <Text String> - this macro command excludes all directories beginning with the specified text string.
  • $CONTAINS <Text String> - this macro command excludes all directories containing the specified text string.
  • $ENDS <Text String> - this macro command excludes all directories ending with the specified text string.
  • $REGEX <Regular Expression> - this macro command excludes directories matching the specified regular expression.
  • $DIRLIST <File Name> - this macro command excludes all directories listed in the user-specified text file.
  • $FILELIST <File Name> - this macro command excludes all files listed in the user-specified text file.

For example, the exclude macro command '$CONTAINS Temporary Files' will exclude all directories with 'Temporary Files' in the full directory path and the exclude macro command '$REGEX \.(TMP|TEMP)$' will exclude directories ending with '.TMP' or '.TEMP'.

Triggering Automated File Management Operations

One of the most powerful capabilities of DiskBoss is the ability to trigger custom file management operations after a user-specified number of file system changes is detected in one or more disks or directories. This capability may be very effectively used to trigger file synchronization, policy-based file management and automatic file delete and data retention operations on production servers and corporate storage systems.

Custom Disk Change Monitoring Actions

For example, in order to automatically synchronize a server with a NAS device, create a file synchronization operation configured to synchronize a source directory on the server to a destination directory on the NAS device, create a disk change monitoring command configured to monitor the source directory on the server, open the disk change monitoring command dialog, select the 'Actions' tab, enable disk change monitoring actions, specify the number of file system changes that should trigger the action, enable the DiskBoss command action and select the previously configured file synchronization command to be executed.

Disk Change Monitoring Action Triggers

In addition to the ability to trigger the disk change monitoring actions every X file system changes, DiskBoss allows one to trigger the actions if the change rate reaches a user-specified number of changes per minute or per hour. Finally, the user is provided with the ability to trigger the disk change monitoring actions after a user-specified timeout even if the number of detected file system changes is less than the specified value.

Triggering File Integrity Monitoring Operations

In addition to the real-time disk change monitor, DiskBoss provides the file integrity monitor, which is capable of saving digital security signatures of critical system files and then periodically verifying authenticity of critical system files by comparing the current digital security signatures to the previously saved digital security signatures. One of the most powerful capabilities of DiskBoss is the ability to monitor one or more disks or directories and automatically trigger verification of critical system files based on real-time disk activities and then send E-Mail notifications and generate reports if any unauthorized changes are detected in critical system files thus ensuring the security of critical systems and production servers.

File Integrity Monitoring Command

For example, in order to monitor critical files in the Windows system directory, create a file integrity monitoring command, configure the command to monitor the Windows directory, add a file matching rule limiting the monitoring operation to programs and executable files and than save a reference digital signature of the Windows system directory.

File Integrity Monitoring Trigger

Now, create a new real-time disk change monitoring command, configure the command to monitor the Windows system directory, select the 'Actions' tab, enable disk change monitoring actions, enable the DiskBoss command action and specify the previously configured file integrity monitoring command to be automatically triggered after each X changes detected in the Windows system directory. The file integrity monitoring command will scan the Windows system directory, verify digital signatures of programs and executable files, check if there are any modified programs or executable files and send an E-Mail notification if required.

Monitoring Disks Using DiskBoss Command Line Utility

In addition to the DiskBoss GUI application, DiskBoss Ultimate and DiskBoss Server provide a command line utility allowing one to monitor one or more disks or directories from batch files and shell scripts. The DiskBoss command line utility is located in the '<ProductDir>/bin' directory.

diskboss -monitor -dir <Directory 1> [ ... <Directory X> <Options> ]

This command monitors the specified disks or directories and displays detected file system changes on the standard output. In addition, the user is provided with the ability to export detected file system changes to HTML, XML, text, Excel CSV, PDF and XML reports.

diskboss -execute <User-Defined Disk Monitoring Command>

This command executes a user-defined disk change monitoring command pre-configured using the DiskBoss GUI application or imported from an XML file.

Options:

-exclude_dir <Exclude Directory 1> [ ... <Exclude Directory X> ]

This option specifies the list of directories that should be excluded from the disk change monitoring operation. In order to ensure proper parsing of command line arguments, directories containing space characters should be double quoted.

-save_html_report [ Report File Name ]

This option saves disk change monitoring results to an HTML report file. If no file name is specified, DiskBoss will automatically generate a file name according to the following template: diskboss_[date]_[time].html and save a report file in the user's home directory.

-save_csv_report [ Report File Name ]

This option saves disk change monitoring results to an Excel CSV file. If no file name is specified, DiskBoss will automatically generate a file name according to the following template: diskboss_[date]_[time].csv and save a report file in the user's home directory.

-save_text_report [ Report File Name ]

This option saves disk change monitoring results to a text report file. If no file name is specified, DiskBoss will automatically generate a file name according to the following template: diskboss_[date]_[time].txt and save a report file in the user's home directory.

-save_pdf_report [ Report File Name ]

This option saves disk change monitoring results to a PDF report file. If no file name is specified, DiskBoss will automatically generate a file name according to the following template: diskboss_[date]_[time].pdf and save a report file in the user's home directory.

-save_xml_report [ Report File Name ]

This option saves disk change monitoring results to an XML report file. If no file name is specified, DiskBoss will automatically generate a file name according to the following template: diskboss_[date]_[time].xml and save a report file in the user's home directory.

-save_report [ Report File Name ]

This option saves disk change monitoring results to a native DiskBoss report file, which may be later loaded in the DiskBoss GUI application for future review and analysis. If no file name is specified, DiskBoss will automatically generate a file name according to the following template: diskboss_[date]_[time].flr

-save_to_database

This option saves disk change monitoring results to an SQL Database using the ODBC interface configured in the DiskBoss GUI application options dialog.

-title <Report Title>

This option sets a custom report title.

-label <Report Label>

This option sets a custom report label.

-compress

This option instructs to save compressed report files.

-v

This option shows the product's major and minor versions.

-help

This option shows the command line usage information.