One Directory - multiple monitors/actions

0

Hi!

I am just evaluating PA FileSight, but cannot really set it up the way, i want to.

Goal is: Monitor one drive/directory -> Log every file-deletion -> Send Mail if more than 10 files are changed in a minute -> Lock user, if user deletes/changes more than 30 files in a minute

How can I achieve this? Do I really need to monitor the directory 3 times? Isn't this a performance-problem? Is there any possibility to use different filters and different actions for ONE directory?

Thank you Best wishes KPS

asked 13 Nov '18, 03:56

KPS's gravatar image

KPS
111
accept rate: 0%

One Answer:
oldestnewestmost voted
0

Hi KPS,

Thank you for trialing PA File Sight!

To accomplish your goals for the business rules that you have you will need to use two monitors. One monitor for the business rule of “Send Mail if more than 10 files are changed in a minute” and another monitor for the “Lock user, if user deletes/changes more than 30 files in a minute”.

First monitor, you could call this monitor File Changes (just a suggestion so that you can tell the monitors apart).

  • Monitor one drive/directory – Add a PA File Sight monitor to monitor the drive and directory that you need monitored.
  • Log files are changed – On the tab called File Types take the default setting to monitor All Files. Then on the tab File Activities check any of the options that you need to record for file changes. Don’t check the deletes we’ll put those in the second monitor. Last thing is to uncheck the “Fire actions if the above file activities occur”, this will keep the service from sending alerts for each change.
  • Lock Account for both “10 files are changed”. On the User Activities tab set the following. Check WRITES more than the following number… and set the value to 10. Check RENAMES more than the following number… and set the value to 10. Set the time range for 1 minute.
  • Send Mail – Add your email action to the Actions for this monitor. (Click on the Actions button to get this menu)

Second monitor, you could call this monitor Heavy User Activity.

  • Monitor one drive/directory – Add a PA File Sight monitor to monitor the same drive as the other monitor.
  • Log files that are changed and deleted – On the tab called File Types take the default to monitor All Files. Then on the tab File Activities check all of the files changes like we did in the first monitor and also check the File is Deleted and File is Moved.
  • Lock Account for “user deletes/changes more than 30 files”. On the User Activities tab set the following. Check WRITES more than the following number… and set the value to 30. Check RENAMES more than the following number… and set the value to 30. Check DELETES more than the following number… and set the value to 30. Set the time range for 1 minute.
  • Lock User – for this monitor you will want to add the action called Add user to Blocked User List. You may also want to add any other actions that you need fired when this monitor goes into alert mode.

Note – there are other settings in the monitor that you may choose to use or not use.

Here a link to the online documentation: https://www.poweradmin.com/help/pa-file-sight-7-2/

Thanks
Quinn

Please make sure to mark your questions accepted when you have your answer by clicking the gray check mark to the left of the answer.

link

answered 13 Nov '18, 10:10

Quinn's gravatar image

Quinn ♦♦
14.5k3925
accept rate: 35%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×13
×4
×2

Asked: 13 Nov '18, 03:56

Seen: 2,566 times

Last updated: 13 Nov '18, 10:10

Related questions

Report for Alert History?

Using "Phone Dialer" to deliver SMS alerts

Configure actions - FIre actions settings not saved after apply

List of where actions are used

$DeviceName$ does not work

Is it possible to monitor if files are copied from a directory ?

Can't remove resolved actions with 5.8.0.307

Using Power Template with variable e-mail actions

Break inheritance

Change default email action