Does anyone know of another way to monitor folders/files in Windows other than fschange? I have played with the "monitor" stanza and WMI with very limited success. I have recently upgraded our infrastructure to Splunk 6, and with fschange being deprecated, I need to find an alternative to monitor file integrity.
Thank you in advance.
STEALTHbits offers a file activity monitor and preconfigured Splunk dashboard https://splunkbase.splunk.com/app/3432/
You could either use Window's built in auditing features or you could wrap Tim Golden's change monitoring python scripts into a modular input or scripted input.
Does this help you?
Hi dart,
Thank you for the response, but the Tim Golden's python script would not work for us. We need to monitor 6000+ endpoints in the field and installing python on each endpoint isn't an option. The other link you sent me was for fschange, and I am looking for alternatives to fschange, as fschange has been deprocated in Splunk 5.0.