Can beats monitor file age?

Is there a method to monitor file age?
We have a windoz app we need to monitor and one of the health checks is that it stops updating a status file.

You could use the built in auditing feature in Windows to track writes to the file. Then use Winlogbeat to read the audit event from the Security event log. Windows should log an event anytime a process opens the file or modifies it.

From what I remember you need to enable Audit Object Access in the machines security policy (local or group). Then configure the properties of the file in question to enable auditing. Found this with a quick search: https://blogs.technet.microsoft.com/mspfe/2013/08/26/auditing-file-access-on-file-servers/

Then in Winlogbeat you would setup config with something like:

winlogbeat.event_logs:
- name: Security
  event_ids: 4663

That's a great idea Andrew !
I was posed to begin looking at one off powershell or something.

This topic was automatically closed after 21 days. New replies are no longer allowed.