Documentation for Server & Application Monitor

File Count Monitors

As described in Work with SAM component monitors, SAM includes several "component monitor types" that focus on different elements such as services, logs, or processes. File Count Monitors are component monitors that count the number of files in a directory and, optionally, subdirectories.

For example, the Kiwi Syslog Server template includes a File Count: Mail Queue Folder monitor to track the number of files in mail queue directories. An accumulation in a mail queue directory indicates that email delivery is falling behind or failing.

In SAM 2020.2 and later, File Count Monitors use WinRM to collect data if WinRM polling is enabled on the Orion server and target Windows nodes that are not polled with the Orion agent. See Use WinRM as the default polling method for WMI-based component monitors in SAM.

Note the following details that apply to most component monitors categorized as File Count Monitors:

  • Access to WMI or the Windows file share on target machines is required.
  • The returned statistic is the number of files in the directory that match the file extensions filter.
  • Files that do not match the File Extensions Filter are not included in the disk space calculation.
  • A File Count Monitor may fail if you attempt to count more than 20,000 files in a directory using the wildcard (*) filter extension. To get an accurate count of files in a large directory, create a Windows Script Monitor that runs a File Count script like the example provided on the Orion server at:
    C:\Program Files (x86)\SolarWinds\Orion\APM\SampleScriptMonitors\WindowsScripts.
  • To set up Linux systems for Orion agent monitoring, see Configure Linux/Unix systems for monitoring by the Orion agent in SAM.
  • The Python implementation uses native file system access directly from the Python script running locally on the target machine. Due to configuration settings, switching between agentless polling and the Orion agent for Linux will not establish a correct connection because file paths in Universal Naming Convention (UNC) format are not supported on Linux systems.

If you create a File Count Monitor in the Component Monitor Wizard, you'll be prompted to provide several values, as described next.

Field descriptions

Description

A default description of the monitor, which you can add to or replace. The variable to access this field is ${UserDescription}.

Enable Component

Determines if the component is enabled. Disabling the component leaves it in a deactivated state that does not influence its application availability or status, as displayed in the Orion Web Console.

Credential for Monitoring

Select a credential with read access to the file or use the <Inherit credential from node> option. If the credential you need is not in the credentials list, add it in the Credentials Library. See Understand the Credentials Library for details.

WinRM Authentication Mechanism

If the SAM WinRM toggle is enabled for application polling on the Orion server and target nodes, select an authentication method for the connection. The default setting is Negotiate.

  • Default: Specifies the transport to use for WS-Management protocol requests and responses: HTTP or HTTPS. The default is HTTP.
  • Digest: User name and password are required. The client sends a request with authentication data to an authenticating server, usually a domain controller. If the client is authenticated, then the server receives a Digest session key to authenticate subsequent requests from the client.
  • Negotiate: The client sends a request to the server to determine the protocol to use for Simple and Protected Negotiation (SPNEGO) authentication, which can be either:
    • Kerberos for domain accounts, or
    • NTLM for local computer accounts
  • Basic: User name and password are required, as sent via HTTP or HTTPS in a domain or workgroup.
  • Kerberos: User name and password are required for mutual authentication between the client and server, using encrypted keys. The client account must be a domain account in the same domain as the server. When a client uses default credentials, Kerberos is the authentication method if the connection string is not one of the following: localhost, 127.0.0.1, or [::1].
  • NtlmDomain: User name and password are required for NTLM authentication. The client proves its identity by sending a user name, password, and domain name.
  • CredSssp: User name and password are optional. The Credential Security Support Provider (CredSSP) lets an application delegate the user credentials from the client to the target server for remote authentication. The client is authenticated over the encrypted channel by using the SPNEGO protocol with either Kerberos or NTLM.

    Portions excerpted from the WinRM Glossary (© 2020, Microsoft Corp., available at docs.microsoft.com, obtained on March 13, 2020).
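
Which of the mechanisms listed above a poller can actually use depends on what the WinRM service on the target node accepts. The PowerShell below is an added example, not SolarWinds code: run in an elevated session on a target node, it reports the enabled mechanisms, the listener transports, and whether unencrypted traffic is allowed. The function name and the finding texts are illustrative.

```powershell
# Added example (not SolarWinds code). Run in an elevated session on the target node.
function Get-WinRmPollingPosture {
    # Authentication mechanisms the WinRM service accepts (values are 'true'/'false').
    $enabled = Get-ChildItem WSMan:\localhost\Service\Auth |
        Where-Object { $_.Name -ne 'CbtHardeningLevel' -and $_.Value -eq 'true' } |
        ForEach-Object { $_.Name }

    # True means the service also accepts requests with no encryption at all.
    $allowUnencrypted = (Get-Item WSMan:\localhost\Service\AllowUnencrypted).Value -eq 'true'

    # Transports of the enabled listeners: HTTP, HTTPS, or both.
    $transports = Get-WSManInstance -ResourceURI winrm/config/Listener -Enumerate |
        Where-Object { $_.Enabled -eq 'true' } |
        ForEach-Object { $_.Transport } | Sort-Object -Unique

    $findings = @()
    if (($enabled -contains 'Basic') -and $allowUnencrypted -and ($transports -contains 'HTTP')) {
        $findings += 'Basic over HTTP is accepted unencrypted: the password is only Base64-encoded on the wire.'
    }
    if (($enabled -contains 'Basic') -and ($transports -notcontains 'HTTPS')) {
        $findings += 'Basic is enabled but no HTTPS listener exists, so Basic has no encrypted transport available.'
    }
    if ($enabled -contains 'CredSSP') {
        $findings += 'CredSSP is enabled: pollers that use it delegate their credentials to this node.'
    }
    if ($allowUnencrypted -and ($enabled -notcontains 'Basic')) {
        $findings += 'AllowUnencrypted is true: clients may skip message encryption over HTTP.'
    }

    [pscustomobject]@{
        EnabledMechanisms  = @($enabled)
        ListenerTransports = @($transports)
        AllowUnencrypted   = $allowUnencrypted
        Findings           = $findings
    }
}

Get-WinRmPollingPosture | Format-List
```

An empty Findings list together with Kerberos or Negotiate in EnabledMechanisms means the node accepts the default Negotiate setting without exposing Basic.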

Full Directory Path

Specify the path to the directory in UNC format, within the 260-character limit. For example: \\computername\c$\. The path can include the variable ${IP} which represents the target node's IP address.

File Names Filter

Select files to include in the count based on file name. You can specify multiple file names (or partial names) separated by commas or spaces. To include all files, specify *.

File Extensions Filter

Specify files to include in the count based on file extension. Separate multiple file extensions with a comma or space.

Example for counting all files, regardless of file extension
File Extensions Filter: *

Example for counting files with .exe, .dll, and .bat extensions
File Extensions Filter: exe, dll, bat

File Attributes Filter

Specify which files to include in the count based on the file attributes. The default value is All Files.

Include Subdirectories

Specify that files located inside subdirectories should be included in file counts.
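
For directories too large for the built-in monitor (the 20,000-file note earlier on this page), a script-based monitor can stream the directory and apply the File Extensions Filter and Include Subdirectories settings itself. The PowerShell below is an added example, not the SolarWinds sample script, and assumes a script monitor that can run PowerShell. The `C:\MailQueue` path is a placeholder, and the `Statistic:`/`Message:` output lines and the 0/1 exit codes are assumptions about what your script monitor expects.

```powershell
# Added example, not the SolarWinds sample script. Output lines and exit codes
# follow the script-monitor convention assumed in the lead-in. Needs PowerShell 5+.
param(
    [string]$Path = 'C:\MailQueue',   # placeholder directory
    [string]$Extensions = '*',        # same syntax as the File Extensions Filter
    [switch]$IncludeSubdirectories
)

function ConvertTo-ExtensionSet([string]$Filter) {
    # Split on commas or spaces; accept "exe", ".exe" and "*.exe"; ignore case.
    $set = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    foreach ($token in ($Filter -split '[,\s]+')) {
        $ext = $token.Trim() -replace '^\*?\.', ''
        if ($ext) { [void]$set.Add($ext) }
    }
    return ,$set
}

function Get-FileCount([string]$Dir, [string]$Filter, [bool]$Recurse) {
    $wanted = ConvertTo-ExtensionSet $Filter
    $all = $wanted.Contains('*')
    $option = [System.IO.SearchOption]::TopDirectoryOnly
    if ($Recurse) { $option = [System.IO.SearchOption]::AllDirectories }

    $count = 0
    # EnumerateFiles streams entries one at a time instead of building one
    # large array, so memory use does not grow with the size of the directory.
    foreach ($file in [System.IO.Directory]::EnumerateFiles($Dir, '*', $option)) {
        $ext = [System.IO.Path]::GetExtension($file).TrimStart('.')
        if ($all -or $wanted.Contains($ext)) { $count++ }
    }
    return $count
}

try {
    $n = Get-FileCount -Dir $Path -Filter $Extensions -Recurse $IncludeSubdirectories.IsPresent
    Write-Output "Message: $n file(s) in $Path matching '$Extensions'"
    Write-Output "Statistic: $n"
    exit 0   # assumed to map to "up"
} catch {
    # A missing path or an unreadable subdirectory ends the enumeration here.
    Write-Output "Message: count failed for ${Path}: $($_.Exception.Message)"
    exit 1   # assumed to map to "down"
}
```

With `-IncludeSubdirectories`, a single subdirectory the monitoring credential cannot read fails the whole count, so the monitor reports an error rather than an undercount.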

Convert Value

Select the Convert Value check box to open the Formula box where you can manipulate the returned value with a variety of mathematical possibilities. Choose common functions from drop-down lists or select the Custom Conversion option. See Convert values in data transformations for SAM component monitors for details.

Statistic Threshold

Specify a threshold that indicates a warning level was breached. Logical operators are in the drop-down listbox, followed by a blank field where you can enter the value of this threshold. For example: Less than 15 for warning, Less than 5 for critical. See Application Monitor Thresholds.

User Notes

Add notes for easy reference. You can access this field by using the variable, ${UserNotes}.