I want to develop the application which logs the files / directories accessed on the machine.
e.g. I go to D:\ and into a folder documents and open a word file. I want my application to create a log in the following format:
- D:\ Opened
- D:\documents Opened
- D:\documents\secret.docx Opened
I've used FileSystemWatcher to achieve the oth开发者_如何学Cer type of file system activity but unable to get events for accessing this.
sounds like you wanna do a FileMon program like sys internals. in their website Mark tells about the way FileMon works so you can get some inspiration by reading the article.
also see here: How do you monitor file access and changes on a file server by user name?
Not sure this sort of monitoring can be achieved with filesystemwatcher as it is aimed at monitoring changes I believe. You could use filesystem Auditing (by going into advanced security settings) which will log events in eventlog and you can pull it from there.
Most viable option is use of file system filter driver. Such driver gives you fine-grain control over all requests going to particular file system. The only issue with this approach is complexity of developing such driver in kernel mode.
精彩评论