powershell script to monitor file and folder changes with email alert

If you are impatient to read scroll down for the script

For any DevOps issues or solutions join my telegram group https://t.me/+veHhcKTWFv1kYWM9

I was looking out for a software or script that could monitor folder and file changes on windows server. Unfortunately the scripts available online using filesystemwatcher had limitations.

Filesystemwatcher can only include and not exclude file types or directories from monitoring, So including sub directories in single watcher instance would trigger email for file types and directories we don’t want to monitor and spam inbox with alerts,If we exclude sub directories from filesystemwatcher then have to run multiple watcher instances for each folders and file types which is crazy.

I finally ended up writing a powershell script using filesystemwatcher that can exclude file types and folders from triggering alerts, I am sharing it to make your work easier feel free to modify and use it as per your requirements.

##set watcher.Path to match the folder you want to monitor
##watcher.Filter to be set to wildcard, you can exclude file types from ### filesystemwatcher exclude files section
##watcher.IncludeSubdirectories to be true, you can exclude directories from ### filesystemwatcher exclude directory section

$watcher = New-Object System.IO.FileSystemWatcher
$watcher.Path = “C:\inetpub\wwwroot\”
$watcher.Filter = “*.*”
$watcher.IncludeSubdirectories = $true
$watcher.EnableRaisingEvents = $true

#what to do when a event is detected

$action = {
$fileName = Split-Path $Event.SourceEventArgs.FullPath -leaf
$path = $Event.SourceEventArgs.FullPath

### filesystemwatcher exclude files
### for excluding multiple file types use if (-not ($fileName -like ‘*.resources’) -and -not ($fileName -like ‘*.otherextension’))###

if (-not ($fileName -like ‘*.resources’) ) {

$changeType = $Event.SourceEventArgs.ChangeType
$logline = “$(Get-Date), $changeType, $path”

#write to log file
Add-content “C:\monitor_changes.txt” -value $logline

### filesystemwatcher exclude directory
### for excluding multiple directories
if (-not ($logline -like ‘*cache*’) -and -not ($logline -like ‘*Log*’) ) {

### trigger mail via smtp
$AWS_ACCESS_KEY = “your-aws-access-key-here”
$AWS_SECRET_KEY = “your-aws-access-secret-here”

$SECURE_KEY = $(ConvertTo-SecureString -AsPlainText -String $AWS_SECRET_KEY -Force)
$creds = $(New-Object System.Management.Automation.PSCredential ($AWS_ACCESS_KEY, $SECURE_KEY))

$from = “your-monitor@aws-verified-domain.com”
$to = “id_one <id_one@yourmail.com>”, “id_two <id_two@yourmail.com>”, “id_three <id_three@yourmail.com>”
Send-MailMessage -From $from -To $to -Subject $logline -Body $logline -SmtpServer email-smtp.us-east-1.amazonaws.com -Credential $creds -UseSsl -Port 587
}
}
}
#what events to be watched
Register-ObjectEvent $watcher “Created” -Action $action
Register-ObjectEvent $watcher “Changed” -Action $action
Register-ObjectEvent $watcher “Deleted” -Action $action
Register-ObjectEvent $watcher “Renamed” -Action $action
while ($true) {sleep 5}

Reach me out here if you need support setting this up.