Automated Folder Access Logging Script

<#
.SYNOPSIS
Automated Folder Access Logging Script

.DESCRIPTION
This script monitors a specified folder and its subfolders for file system events
and logs these events to a file. It uses the FileSystemWatcher class to monitor
the folder in real-time.

.PARAMETER FolderPath
The path of the folder to monitor.

.PARAMETER LogFile
The path of the log file where events will be recorded.

.EXAMPLE
.\FolderAccessLogger.ps1 -FolderPath "C:\ImportantFolder" -LogFile "C:\Logs\FolderAccess.log"

.NOTES
File Name      : FolderAccessLogger.ps1
Author         : [Your Name]
Prerequisite   : PowerShell V3 or later
Version        : 1.0
Date           : [Current Date]
#>

param (
    [Parameter(Mandatory=$true)]
    [string]$FolderPath,

    [Parameter(Mandatory=$true)]
    [string]$LogFile
)

# Function to write log entries
function Write-Log {
    param (
        [string]$Message
    )
    
    $timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
    $logEntry = "$timestamp - $Message"
    Add-Content -Path $LogFile -Value $logEntry
    Write-Host $logEntry
}

# Shared action for all file system events. -Action script blocks run in their
# own session state and do not see functions or variables defined in this
# script's scope, so the log path is passed in through -MessageData and the
# entry is written inline.
$handleFileSystemEvent = {
    $e = $Event.SourceEventArgs
    if ($e -is [System.IO.RenamedEventArgs]) {
        $message = "Event: Renamed, Old Path: $($e.OldFullPath), New Path: $($e.FullPath)"
    }
    else {
        $message = "Event: $($e.ChangeType), Path: $($e.FullPath)"
    }
    $timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
    $logEntry = "$timestamp - $message"
    Add-Content -Path $Event.MessageData -Value $logEntry
    Write-Host $logEntry
}

# Create the log file if it doesn't exist
if (-not (Test-Path $LogFile)) {
    New-Item -Path $LogFile -ItemType File -Force | Out-Null
}

# Create a new FileSystemWatcher
$watcher = New-Object System.IO.FileSystemWatcher
$watcher.Path = $FolderPath
$watcher.IncludeSubdirectories = $true

# Set up event handlers for the events to watch for
$onChanged = Register-ObjectEvent $watcher "Changed" -Action $handleFileSystemEvent -MessageData $LogFile
$onCreated = Register-ObjectEvent $watcher "Created" -Action $handleFileSystemEvent -MessageData $LogFile
$onDeleted = Register-ObjectEvent $watcher "Deleted" -Action $handleFileSystemEvent -MessageData $LogFile
$onRenamed = Register-ObjectEvent $watcher "Renamed" -Action $handleFileSystemEvent -MessageData $LogFile

# Start raising events only after the handlers are registered
$watcher.EnableRaisingEvents = $true

Write-Log "Starting folder access monitoring for: $FolderPath"

try {
    # Keep the script running
    while ($true) {
        Start-Sleep -Seconds 1
    }
}
finally {
    # Clean up event handlers when the script is stopped
    Unregister-Event -SourceIdentifier $onChanged.Name
    Unregister-Event -SourceIdentifier $onCreated.Name
    Unregister-Event -SourceIdentifier $onDeleted.Name
    Unregister-Event -SourceIdentifier $onRenamed.Name
    $watcher.Dispose()
    Write-Log "Folder access monitoring stopped."
}

To use this script:

  1. Save it as FolderAccessLogger.ps1.
  2. Open PowerShell as an administrator.
  3. Navigate to the directory containing the script.
  4. Run the script with the required parameters:

.\FolderAccessLogger.ps1 -FolderPath "C:\PathToMonitor" -LogFile "C:\Logs\FolderAccess.log"

Replace "C:\PathToMonitor" with the path of the folder you want to monitor, and "C:\Logs\FolderAccess.log" with the desired path for your log file.

Key features of this script:

  1. Real-time monitoring: Uses FileSystemWatcher to detect changes as they happen.
  2. Comprehensive logging: Logs creation, deletion, modification, and renaming of files and folders.
  3. Subfolder inclusion: Monitors the specified folder and all its subfolders.
  4. Timestamped logs: Each log entry includes a timestamp for easy tracking.
  5. Continuous operation: The script runs indefinitely until manually stopped.
  6. Clean shutdown: Properly disposes of resources when the script is stopped.

Notes:

  • This script needs to be run with appropriate permissions to access the folder being monitored and to write to the log file.
  • The script will continue running until you manually stop it (e.g., by pressing Ctrl+C).
  • For long-term use, consider running this script as a Windows Service or scheduled task.
  • Be aware that monitoring a very active folder or a folder with many subfolders can generate a large number of events and potentially impact system performance.

This script provides a solid foundation for monitoring folder access and can be further customized based on specific needs, such as filtering certain types of files or events, or integrating with other notification systems.
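
The customization and high-volume notes above can be combined as follows. This is an added example, not part of the original script: it filters by file type and notification kind, enlarges the watcher's buffer, and logs the watcher's Error event so that dropped events show up in the log as a gap. The WatcherDemo folder, the log path and the "*.docx" filter are constructed values.

```powershell
# Added example (not from the original script). Folder, log and filter values are constructed.
$folder  = Join-Path ([System.IO.Path]::GetTempPath()) "WatcherDemo"
$logFile = Join-Path ([System.IO.Path]::GetTempPath()) "WatcherDemo.log"
New-Item -Path $folder  -ItemType Directory -Force | Out-Null
New-Item -Path $logFile -ItemType File -Force | Out-Null

$watcher = New-Object System.IO.FileSystemWatcher
$watcher.Path = $folder
$watcher.IncludeSubdirectories = $true
$watcher.Filter = "*.docx"            # only names matching this pattern raise events
# Request name and write notifications only; attribute, size and security
# changes are not reported, which reduces event volume on busy folders.
$watcher.NotifyFilter = [System.IO.NotifyFilters]::FileName -bor
                        [System.IO.NotifyFilters]::DirectoryName -bor
                        [System.IO.NotifyFilters]::LastWrite
$watcher.InternalBufferSize = 65536   # default is 8192 bytes; 64 KB is the documented maximum

# One action for every handler; the log path arrives through -MessageData
$action = {
    $a = $Event.SourceEventArgs
    if ($a -is [System.IO.ErrorEventArgs]) {
        # Raised when the internal buffer overflows: events were lost, so record the gap
        $text = "WARNING: events may be missing - $($a.GetException().Message)"
    }
    else {
        $text = "Event: $($a.ChangeType), Path: $($a.FullPath)"
    }
    $stamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
    Add-Content -Path $Event.MessageData -Value "$stamp - $text"
}
$jobs = foreach ($name in "Created", "Changed", "Deleted", "Renamed", "Error") {
    Register-ObjectEvent $watcher $name -Action $action -MessageData $logFile
}
$watcher.EnableRaisingEvents = $true

try {
    # Constructed activity: only report.docx matches the filter
    Set-Content -Path (Join-Path $folder "report.docx") -Value "demo"
    Set-Content -Path (Join-Path $folder "notes.tmp")   -Value "demo"
    Start-Sleep -Seconds 2            # let queued events run their actions
    Get-Content -Path $logFile
}
finally {
    $jobs | ForEach-Object { Unregister-Event -SourceIdentifier $_.Name }
    $watcher.Dispose()
}
```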
