By Thomas Underwood 🕓 Updated on June 17, 2021 at 4:00 pmThe File & Folder Watcher, as a part of Automation Workshop, is a Directory Watcher tool that monitors folders and files for changes in their contents. When the specified type of content modification (e.g., file or folder creation, modification, deletion, or renaming) is detected in the monitored folder, the Directory Watcher automatically runs the associated Task, which reacts to these changes.
Overview
In this tutorial, we will perform simple Windows file auditing, namely, auditing file deletion. We will set the File & Folder Watcher to watch a directory for the event of file deletion. In case of such an event, the Directory Watcher will run a Task that contains the Send Email Action configured to send a notification email to the network administrator with the full path and name of the deleted file (as well as the name of the computer on which it took place).
Create a Task
How to create a Task? Open the Automation Workshop Manager and choose the New Task option from the File menu. Alternatively, press the CTRL+N keyboard shortcut or choose the New Task option from the context menu in the Task Pane. This will open the Task Wizard, a step-by-step guide for Task creation.
Add Folder Watcher
How to add the File & Folder Watcher? Once in the Task Wizard, go to the Triggers tab and click the Add button. Choose the File & Folder Watcher Trigger and click OK. This will open the Folder tab of the File & Folder Watcher settings. Specify the folder to watch (the C:\Important data\ folder will be used in this tutorial) and whether to monitor its subdirectories (by marking the Also, watch in subfolders checkbox).
Now, let us go to the Conditions tab of the File & Folder Watcher and choose what events to monitor. Since the idea was to audit deleted files, let us choose the appropriate option, namely, Watch for deleted files.
Now, let us save the Directory Watcher settings and click OK. The File & Folder Watcher Trigger should appear in the Triggers list in the Task Wizard, indicating that the C:\Important data\ directory will be watched for deleted files. Now, let us click the Next button to go to the Action tab.
Email reports
How to configure the Send Email Action to report changes detected by the Directory Watcher? In the Action tab of the Task Wizard, click the Add button. Choose the Send Email Action from the Email category and click OK to enter its settings. Specify the sender's and recipient's email addresses, and provide an email subject line and message text.
Note the green Computer name and Filename values that are not just regular text, but dynamic Variable Wizard values that, upon Task execution, are replaced with the actual computer name and the name of the deleted file.
Let us see how to add a dynamic Variable Wizard value to the email message text. Click the Variable Wizard button next to the Email text field to open the Variable Wizard window.
To retrieve the name of the deleted file from the Trigger, choose File & Folder Watcher in the Triggers category, and note that Full path and filename will be returned. Click OK and see the Filename variable appear. The email text will contain just the name of the file (not the file itself). To add the file itself to the email, the same dynamic value would need to be used in the Attachment field (if it were not referring to a deleted file, that is).
Note that the Computer name from the System category is added to the email subject field in a very similar manner.
Click OK to return to the Task Wizard, and note that the Send Email Action has been added. Now continue with the remaining steps of Task creation, such as the Run As settings that determine the user credentials the Task is executed with, email reports of Task failure or successful completion, and Task information including its name and description. Finish the Task.
Summary
We have just created a Task that will perform a simple audit of deleted files by continuously monitoring the C:\Important data\ directory and its subdirectories (using the File & Folder Watcher).
When a file in this directory is deleted, the Task will send an email message that contains the name of the computer and the full path and filename (using Send Email). The Send Email Action gets the name of the deleted file from the File & Folder Watcher and the name of the computer from Windows by using the Variable Wizard.
Ask for more…
If you have any questions, please do not hesitate to contact our support team.