I need to monitor file operations on a server. Is this possible with CBFS Filter?
In certain cases, it may be desirable for a CBFilter/CBMonitor-based application to be able to track filesystem operations performed on a remote system, such as a file server. It is important to understand the limitations of Windows' filesystem filtering mechanisms in order to maintain reasonable expectations when developing for such use-cases.
The CBFS Filter system drivers must be installed on a machine in order for an application built with CBFilter or CBMonitor to be able to track filesystem requests on it; and similarly, the CBFilter and CBMonitor components can only track filesystem requests that are made against a local filesystem.
For example, imagine an environment with a file server S, and two client machines C1 and C2. If C1 and C2 have both mounted the filesystem shared by S as a network drive, then there are two options for tracking all requests directed at that filesystem:
- Install the application on S and track filesystem operations on the shared drive.
- Install the application on both C1 and C2 and track filesystem operations on the mounted network drive.
Modification of file read/write requests will only work correctly for local filesystems due to how Windows actually transfers the data internally. Attempting to modify the file data carried by a read/write request made against a locally-mounted network drive will always fail.
We appreciate your feedback. If you have any questions, comments, or suggestions about this article please contact our support team at firstname.lastname@example.org.