USER REQUEST: NOTIFY ME USING WMI IF A FILE IS CREATED IN A DIRECTORY

Ok. Let’s see. I know to solution to this is very simple but know also that it can have some site effects. This site effects will occur on windows 2000 servers. The disk provider has some bug in it with the optimizing of the WQL query. But however who’s using windows 2000 anyway 😉

I assume that you use Windows 2003 std or higher (or XP pro Sp2). In the steps below we are going to create a WMI filter on the disk provider class. This filter will detect any changes on this directory. If a change occurs it will fire an action. This action is called a consumer. I will use the SMTP consumer to email the notification. Use can also use a CMD consumer to execute a script. To make it simple install the WMI toolkit from Microsoft.

1) Open the WMI EventRegistration tool. Make a connection to the server and use namespace “rootCIMV2“

2) Now we are going to create the filter. Select in the top left list box “Filters“. And right click on “__EventFilter“ and choose “new instance“.

3) type in the following properties:

Name: Detect_directory_change_filter
Query: select * from __InstanceModificationEvent within 10 where TargetInstance ISA ‘cim_directory’ AND TargetInstance.name = ‘C:tempimport’
QueryLanguage: WQL

Change the ‘C:tempimport’ to any directory you want to monitor. (be aware of the double backslash). I use the  “__InstanceModificationEvent”  class so we will be notified if a change occurs. If you want only a notification if a file is created or deleted change this to “__InstanceCreationEvent “  or  “__InstanceDeletionEvent “

The polling time is specified with the parameter: “within 10” . In this case it looks for changes every 10 seconds. To preserve CPU resources you should set this to 3600 (1h) or higher. For this test 10 seconds is ok. 

Press “OK“

4) Now we are going to create the consumer that will email the notification. In windows2003 this consumer is not installed by default (for security reasons). So we are going to install it.

Open a CMD and go to the c:windowssystem32wbem directory.

Type in : mofcomp -N:rootcimv2  smtpcons.mof

There must be no erros.

5) Now we are going to create the smtp notificaton. Select in the top left list box “Consumers“. And right click on “__EventConsumer -> SMTPEventConsumer“ and choose “new instance“.

Type in the following:

Name: Notifi_me_on_directory_change_consumer
FromLine: serverx@domainx.com
Message: Direcotry  %targetinstance.name%  has changed.
SMTPServer: any smtp mailserver name or IP
Subject: direcotry notification mail
ToLine: operator@domainx.xom

and press “OK“

6) The last step is to BIND the filter to the consumer. Go to the “filters“ and select the “Detect_directory_change_filter“ filter. Then on the right pane select the SMTPEventConsumer “Notifi_me_on_directory_change_consumer“. Then Press the green button in the right top.

Now it is active. Create a new file in the specified directory and there will be send a mail to the operator within 10 second.. If not you have made a mistake 😉 Look in the WMI log files (c:windowssystem32wbemlogs) to see any errors.

Please let me know if needed.

Michel