Alert when a file is created in Windows/temp in Windows Server 2012r2

Question

Is there a way to get an alert when a file named SQL.log is created in Windows/temp in Windows Server 2012r2?

Answer 1

File SQL.log is randomly created in Windows/temp folder, which start growing and growing. I deleted, but I would like to be alerted as soon it is created to be able to "read" it and prevent the issue in other servers.

Answer 2

This one might help.

https://gallery.technet.microsoft.com/scriptcenter/Powershell-FileSystemWatche-dfd7084b

Answer 3

Hi

You can achieve that with Windows Auditing natively too.

To activate:

• Type gpmc.msc, or gpedit.msc.
• Navigate to “Computer Configuration” ➔ “Windows Settings” ➔ “Security Settings” ➔ “Local Policies” ➔ “Audit Policy”.
• Double-click “Audit Object Access”
• Click “Define these policy settings” checkbox. Click “Success” and “Failure”.

Now, you need to select that auditing to the folder;

• Open “Windows Explorer”, and navigate to the folder that you want to track.
• Right-click the folder and select “Properties”, and go to the Security tab
• Click “Advanced” to access “Advanced Security Settings”. In “Advanced Security Settings” window, navigate to “Auditing” tab.
• To create a new auditing entry, click “Add”. “Auditing Entry” window will appears
• Click “Select a Principal” to choose users whose activities you want to track, for your case select Everyone, or if your SQL instance run under a username, please add it there, it will limit the scoop of the auditing.
• Click Ok, Select “All” in “Type” drop-down menu.
• Select the permission you want, and click ok 3 time to get out of that windows.

Now to monitor it, we will check the event viewer.

Filter on the event id 4616, to see file creation.