The below should be able to get a good chunk of your results. I got positive results when I ran this in a test environment.
1) You start off with a new WMI metric. I generally change the polling interval to every 60 seconds for the sake of system performance. The Property settings are as follows:
Namespace: \\.\root\cimv2
Class name: CIM_DataFile
Counter: LastAccessed
Instance: Name="C:\\Dell\\Test\\Test.txt"
Data type: String
Notice the double backslashes. You need to use escape characters when using backslashes in a WQL statement. So if you were reading this, it would be "Select LastAccessed from CIM_DataFile Where Name='C:\\Dell\\Test\\Test.txt'"
I then placed the above new metric into a monitor category with a new category just for testing. No need for detection rules I suppose. Though you probably could do one for file exists.
The policy comes down, the metric is added to those who are monitored, then the blobs are uploaded to the NS based on whatever interval you have set.
Using the following SQL, I was able to get the below results.
SELECT
    -- Take everything after '=' in the instance and collapse the doubled backslashes
    SUBSTRING(REPLACE(ml.Instance, '\\', '\'), CHARINDEX('=', ml.Instance) + 1, LEN(ml.Instance))
        AS 'File Looked For',
    -- ml.Value holds the LastAccessed counter as a string
    CASE
        WHEN ml.Value = '' THEN NULL
        -- A 'T' in position 11 means the value is already in ISO 8601 form
        WHEN SUBSTRING(ml.Value, 11, 1) = 'T' THEN CONVERT(DATETIME, ml.Value, 126)
        -- Otherwise rebuild ISO 8601 from the yyyymmddHHMMSS digits
        ELSE CONVERT(DATETIME,
            SUBSTRING(ml.Value, 1, 4) + '-' + SUBSTRING(ml.Value, 5, 2) + '-' +
            SUBSTRING(ml.Value, 7, 2) + 'T' + SUBSTRING(ml.Value, 9, 2) + ':' +
            SUBSTRING(ml.Value, 11, 2) + ':' + SUBSTRING(ml.Value, 13, 2), 126)
    END AS 'File Last Modified'
FROM dbo.MonitorMetricLog ml
JOIN dbo.AeXSMMasterMetrics mm
    ON mm.Guid = ml.MetricGuid
WHERE mm.[Name] = 'The Name of Your newly created metric'
Results:
"c:\dell\test\test.txt" 2008-02-06 11:18:43.000
"c:\dell\test\test.txt" 2008-02-06 11:28:26.000
"c:\dell\test\test.txt" 2008-02-06 11:33:12.000
"c:\dell\test\test.txt" 2008-02-06 11:39:25.000
HTH
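The WQL escaping and the two timestamp formats handled by the SQL above, as an added Python example that is not part of the original post. The function names and sample values are constructed for illustration; the quote escaping goes beyond what the post shows, and the timestamp parser ignores the UTC offset suffix just as the SQL does.

```python
from datetime import datetime
from typing import Optional


def wql_escape(text: str) -> str:
    """Escape a value for use inside a quoted WQL string literal."""
    # Backslash is the WQL escape character, so it must be doubled first;
    # quotes are then escaped so the value cannot terminate the literal.
    return text.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')


def build_query(path: str) -> str:
    """Build the CIM_DataFile query for one file path."""
    return f"SELECT LastAccessed FROM CIM_DataFile WHERE Name='{wql_escape(path)}'"


def instance_to_path(instance: str) -> str:
    """Turn a stored Instance value back into a plain Windows path."""
    # Same steps as the SQL: take what follows '=', collapse doubled backslashes.
    # Unlike the SQL, the surrounding double quotes are also removed.
    value = instance.split("=", 1)[1] if "=" in instance else instance
    return value.replace("\\\\", "\\").strip('"')


def parse_metric_value(value: str) -> Optional[datetime]:
    """Parse a logged LastAccessed string; None if empty or unparsable."""
    if not value:
        return None
    try:
        if len(value) > 10 and value[10] == "T":  # ISO 8601 form
            return datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S")
        # Otherwise assume the WMI form yyyymmddHHMMSS.ffffff+UUU; as in the
        # SQL, only the first 14 digits are used and the offset is ignored.
        return datetime.strptime(value[:14], "%Y%m%d%H%M%S")
    except ValueError:
        return None


if __name__ == "__main__":
    print(build_query(r"C:\Dell\Test\Test.txt"))
    # Constructed sample values, not taken from a real MonitorMetricLog table.
    for raw in ["20080206111843.000000-360", "2008-02-06T11:28:26", "", "n/a"]:
        print(repr(raw), "->", parse_metric_value(raw))
```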
