Tag Archive for: Folder Access

Automated Folder Access Logging Script

/0 Comments/in /by 

<#
.SYNOPSIS
Automated Folder Access Logging Script

.DESCRIPTION
This script monitors a specified folder and its subfolders for file system events
and logs these events to a file. It uses the FileSystemWatcher class to monitor
the folder in real-time.

.PARAMETER FolderPath
The path of the folder to monitor.

.PARAMETER LogFile
The path of the log file where events will be recorded.

.EXAMPLE
.\FolderAccessLogger.ps1 -FolderPath "C:\ImportantFolder" -LogFile "C:\Logs\FolderAccess.log"

.NOTES
File Name      : FolderAccessLogger.ps1
Author         : [Your Name]
Prerequisite   : PowerShell V3 or later
Version        : 1.0
Date           : [Current Date]
#>

param (
    [Parameter(Mandatory=$true)]
    [string]$FolderPath,

    [Parameter(Mandatory=$true)]
    [string]$LogFile
)

# Function to write log entries
function Write-Log {
    param (
        [string]$Message
    )
    
    $timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
    $logEntry = "$timestamp - $Message"
    Add-Content -Path $LogFile -Value $logEntry
    Write-Host $logEntry
}

# Function to handle file system events
function Handle-FileSystemEvent {
    param (
        [System.IO.FileSystemEventArgs]$e
    )

    $eventType = $e.ChangeType
    $fullPath = $e.FullPath
    $message = "Event: $eventType, Path: $fullPath"
    Write-Log $message
}

# Create the log file if it doesn't exist
if (-not (Test-Path $LogFile)) {
    New-Item -Path $LogFile -ItemType File -Force
}

# Create a new FileSystemWatcher
$watcher = New-Object System.IO.FileSystemWatcher
$watcher.Path = $FolderPath
$watcher.IncludeSubdirectories = $true
$watcher.EnableRaisingEvents = $true

# Define the events to watch for
$changeTypes = [System.IO.WatcherChangeTypes]::Created -bor `
               [System.IO.WatcherChangeTypes]::Deleted -bor `
               [System.IO.WatcherChangeTypes]::Changed -bor `
               [System.IO.WatcherChangeTypes]::Renamed

# Set up event handlers
$onChanged = Register-ObjectEvent $watcher "Changed" -Action {
    Handle-FileSystemEvent -e $Event.SourceEventArgs
}
$onCreated = Register-ObjectEvent $watcher "Created" -Action {
    Handle-FileSystemEvent -e $Event.SourceEventArgs
}
$onDeleted = Register-ObjectEvent $watcher "Deleted" -Action {
    Handle-FileSystemEvent -e $Event.SourceEventArgs
}
$onRenamed = Register-ObjectEvent $watcher "Renamed" -Action {
    $oldPath = $Event.SourceEventArgs.OldFullPath
    $newPath = $Event.SourceEventArgs.FullPath
    $message = "Event: Renamed, Old Path: $oldPath, New Path: $newPath"
    Write-Log $message
}

Write-Log "Starting folder access monitoring for: $FolderPath"

try {
    # Keep the script running
    while ($true) {
        Start-Sleep -Seconds 1
    }
}
finally {
    # Clean up event handlers when the script is stopped
    Unregister-Event -SourceIdentifier $onChanged.Name
    Unregister-Event -SourceIdentifier $onCreated.Name
    Unregister-Event -SourceIdentifier $onDeleted.Name
    Unregister-Event -SourceIdentifier $onRenamed.Name
    $watcher.Dispose()
    Write-Log "Folder access monitoring stopped."
}

To use this script:

  1. Save it as FolderAccessLogger.ps1.
  2. Open PowerShell as an administrator.
  3. Navigate to the directory containing the script.
  4. Run the script with the required parameters:

.\FolderAccessLogger.ps1 -FolderPath "C:\PathToMonitor" -LogFile "C:\Logs\FolderAccess.log"

Replace "C:\PathToMonitor" with the path of the folder you want to monitor, and "C:\Logs\FolderAccess.log" with the desired path for your log file.

Key features of this script:

  1. Real-time monitoring: Uses FileSystemWatcher to detect changes as they happen.
  2. Comprehensive logging: Logs creation, deletion, modification, and renaming of files and folders.
  3. Subfolder inclusion: Monitors the specified folder and all its subfolders.
  4. Timestamped logs: Each log entry includes a timestamp for easy tracking.
  5. Continuous operation: The script runs indefinitely until manually stopped.
  6. Clean shutdown: Properly disposes of resources when the script is stopped.

Notes:

  • This script needs to be run with appropriate permissions to access the folder being monitored and to write to the log file.
  • The script will continue running until you manually stop it (e.g., by pressing Ctrl+C).
  • For long-term use, consider running this script as a Windows Service or scheduled task.
  • Be aware that monitoring a very active folder or a folder with many subfolders can generate a large number of events and potentially impact system performance.

This script provides a solid foundation for monitoring folder access and can be further customized based on specific needs, such as filtering certain types of files or events, or integrating with other notification systems.