Directory Scan monitoring default checks and policies

  • Release version: Australia
  • Updated March 12, 2026
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Directory Scan Monitoring Default Checks and Policies

    The Agent Client Collector offers a set of default checks and policies for Directory Scan monitoring across Windows and Linux operating systems. These checks help monitor file and directory statuses by evaluating various parameters such as file count, integrity, age, response time, size, and disk space. Proper configuration of these checks can help maintain system performance and detect issues proactively.


    Key Features

    • File and Directory Monitoring: Checks for file counts, integrity, age, response time, size, and disk space usage.
    • Threshold Notifications: Alerts are generated based on defined critical and warning thresholds to indicate the status of monitored entities.
    • Permissions Requirement: The agent needs read and execute permissions on the files and directories being monitored.

    Key Outcomes

    By implementing these checks, ServiceNow customers can:

    • Receive timely alerts on critical issues, allowing for swift remediation.
    • Ensure optimal file and directory management through consistent monitoring.
    • Enhance overall system reliability and performance by regularly assessing resource usage and integrity.

    The Agent Client Collector provides the following default checks and policies for Directory Scan monitoring.

    Table 1. Windows OS Events - Extended policy
    Type Check Description Usage and Usage Example Output
    Event check-directory-file-count
    Checks the number of files present in a given directory and compares it to the provided warning and critical thresholds. Returns a CRITICAL, WARNING, or OK event based on the critical and warning thresholds.
    Note:
    • Counts the number of files inside the directory, not including files in subdirectories.
    • The agent requires read and execute permissions on the directory being monitored.

    check-directory-file-count.rb (options)

    -d, --dir Absolute path to the directory to count the files (required)

    -w, --warning Warning threshold (required)

    -c, --critical Critical threshold (required)

    -H, include_hidden_files Set active to true to include hidden files while counting (default is false)

    Usage Example:

    check-directory-file-count.rb -d /path/to/directory -w 50 -c 100

    DirectoryFileCount CRITICAL: <path to dir> has 165 files.

    Event check-directory-integrity
    Compares the last modified time of the directory with the current time to determine if any updates have occurred within a defined time interval. Based on this comparison, the check returns a CRITICAL or OK event.
    Note:
    The agent requires read and execute permissions on the directory being monitored.

    commonchecks check-directory-integrity (options)

    -d, --dirpath DIRPATH: Absolute path to the directory to check (required).

    -i, --interval INTERVAL: Time interval in seconds to check for recent updates (required). Default value can be set to 180 seconds.

    Usage example:

    commonchecks check-directory-update -d /path/to/directory -i 180

    Common Checks CRITICAL: Directory Integrity: CHANGES DETECTED for <path to file> within the last 180 seconds (Last Modified: Wed, 04 Dec 2024 12:18:55 EST).

    Event check-file-age

    Evaluates the age of a specified file by comparing its last modification time with the current time. Raises an alert if the file exceeds the defined critical or warning age thresholds.

    Note:
    The agent requires read and execute permissions on the file being monitored.
    commonchecks check-file-age (options)

    -f, --filepath FILEPATH: Absolute path to the file to check (required).

    -c, --critical CRITICAL: Critical age threshold in minutes for the file (required).

    -w, --warning WARNING: Warning age threshold in minutes for the file (required).

    Usage example:

    commonchecks check-file-age -f /path/to/file.txt -c 120 -w 60

    Common Checks OK: File <path to file> age: 30 minutes.

    Event check-file-response-time
    Measures the time needed to read a specified file and compares it with the critical and warning thresholds. Based on this comparison, the check returns a CRITICAL or OK event.
    Note:
    The agent requires read and execute permissions on the file being monitored.
    commonchecks check-file-response-time (options)

    -f, --filepath FILEPATH: Absolute path to the file to check (required).

    -c, --critical CRITICAL: Critical threshold in seconds for file response time (required).

    -w, --warning WARNING: Warning threshold in seconds for file response time (required).

    -t, --timeout TIMEOUT: Maximum time allowed for reading the file content, specified in seconds. The timeout value must be greater than the critical threshold value.

    Usage example:

    commonchecks check-file-response-time -f /var/log/servicenow/agent-client-collector/acc.log -c 10 -w 5 -t 20

    Common Checks OK: File read response time: 0.0020 seconds for the file_name: /var/log/servicenow/agent-client-collector/acc.log.

    Event check-file-size

    Measures the size of a file (the actual amount of data it contains) and compares it against specified thresholds. Returns a CRITICAL, WARNING, or OK event based on the comparison of the file size and the thresholds.

    Note:
    The agent requires read and execute permissions on the file being monitored.
    commonchecks check-file-size (options)

    -f, --filepath FILEPATH: Absolute path to the required file (required).

    -c, --critical CRITICAL: Critical threshold in kilobytes. Provide as a number without units (for example, 1000 for 1000 KB) (required)

    -w, --warning WARNING: Warning threshold in kilobytes. Provide as a number without units (for example, 500 for 500 KB) (required)

    Usage example:

    commonchecks check-file-size -f C:\ProgramData\ServiceNow\agent-client-collector\config\acc.yml

    Common Checks OK: For File <path to file> size: 4.72 KB is within thresholds

    Event check-file-space

    Measures the size of a file on disk against specified thresholds, returning a CRITICAL, WARNING, or OK event based on the thresholds.

    Note:
    The agent requires read and execute permissions on the file being monitored.
    commonchecks check-file-space (options)

    -f, --filepath FILEPATH: Absolute path to the relevant file (required).

    -c, --critical CRITICAL: Critical threshold in kilobytes. Provided as a number without units (for example, 1000 for 1000 KB) (required)

    -w, --warning WARNING: Warning threshold in kilobytes. Provided as a number without units (for example, 500 for 500 KB) (required)

    -b, --blocksize BLOCKSIZE: Block size in bytes (Default = 4096) (required)

    Usage example:

    commonchecks check-file-space -f C:\ProgramData\ServiceNow\agent-client-collector\config\acc.yml
    Common Checks OK: File <path to file> space: 8.00 KB is within threshold

    Event os.windows.check-directory-space
    Verifies the disk space occupied by a directory's content. Returns a CRITICAL, WARNING, or OK event, based on the comparison with the given critical and warning event severity thresholds.
    Note:
    The agent requires read and execute permissions on the directory being monitored.
    winchecks check-dir-space (options)

    -d, --dirpath DIRPATH: Absolute path to the directory being checked (required).

    -c, --critical CRITICAL: Critical disk space threshold in kilobytes (required).

    -w, --warning WARNING: Warning disk space threshold in kilobytes (required).

    -t, --timeout TIMEOUT: Maximum time allowed for directory size calculation, specified in seconds (required).

    Usage example:

    winchecks check-dir-space -d /path/to/directory -c 1000 -w 500 -t 120

    Windows Checks OK: Directory <path to file> space: 369.25 KB is within thresholds

    Table 2. Linux OS Events - Extended policy
    Type Check Description Usage and Usage Example Output
    Event check-directory-file-count
    Checks the number of files present in a given directory and compares it to the provided warning and critical thresholds. Returns a CRITICAL, WARNING, or OK event based on the critical and warning thresholds.
    Note:
    • Counts the number of files inside the directory, not including files in subdirectories.
    • The agent requires read and execute permissions on the directory being monitored.

    check-directory-file-count.rb (options)

    -d, --dir Absolute path to the directory to count the files (required)

    -w, --warning Warning threshold (required)

    -c, --critical Critical threshold (required)

    -H, include_hidden_files Set active to true to include hidden files while counting (default is false)

    Usage Example:

    check-directory-file-count.rb -d /path/to/directory -w 50 -c 100

    DirectoryFileCount CRITICAL: <path to dir> has 165 files.

    Event check-directory-integrity
    Compares the last modified time of the directory with the current time to determine if any updates have occurred within a defined time interval. Based on this comparison, the check returns a CRITICAL or OK event.
    Note:
    The agent requires read and execute permissions on the directory being monitored.

    commonchecks check-directory-integrity (options)

    -d, --dirpath DIRPATH: Absolute path to the directory to check (required).

    -i, --interval INTERVAL: Time interval in seconds to check for recent updates (required). Default value can be set to 180 seconds.

    Usage example:

    commonchecks check-directory-update -d /path/to/directory -i 180

    Common Checks CRITICAL: Directory Integrity: CHANGES DETECTED for <path to file> within the last 180 seconds (Last Modified: Wed, 04 Dec 2024 12:18:55 EST).

    Event check-file-age

    Evaluates the age of a specified file by comparing its last modification time with the current time. Raises an alert if the file exceeds the defined critical or warning age thresholds.

    Note:
    The agent requires read and execute permissions on the file being monitored.
    commonchecks check-file-age (options)

    -f, --filepath FILEPATH: Absolute path to the file to check (required).

    -c, --critical CRITICAL: Critical age threshold in minutes for the file (required).

    -w, --warning WARNING: Warning age threshold in minutes for the file (required).

    Usage example:

    commonchecks check-file-age -f /path/to/file.txt -c 120 -w 60

    Common Checks OK: File <path to file> age: 30 minutes.

    Event check-file-response-time
    Measures the time needed to read a specified file and compares it with the critical and warning thresholds. Based on this comparison, the check returns a CRITICAL or OK event.
    Note:
    The agent requires read and execute permissions on the file being monitored.
    commonchecks check-file-response-time (options)

    -f, --filepath FILEPATH: Absolute path to the file to check (required).

    -c, --critical CRITICAL: Critical threshold in seconds for file response time (required).

    -w, --warning WARNING: Warning threshold in seconds for file response time (required).

    -t, --timeout TIMEOUT: Maximum time allowed for reading the file content, specified in seconds. The timeout value must be greater than the critical threshold value.

    Usage example:

    commonchecks check-file-response-time -f /var/log/servicenow/agent-client-collector/acc.log -c 10 -w 5 -t 20

    Common Checks OK: File read response time: 0.0020 seconds for the file_name: /var/log/servicenow/agent-client-collector/acc.log.

    Event check-file-size

    Measures the size of a file (the actual amount of data it contains) and compares it against specified thresholds. Returns a CRITICAL, WARNING, or OK event based on the comparison of the file size and the thresholds.

    Note:
    The agent requires read and execute permissions on the file being monitored.
    commonchecks check-file-size (options)

    -f, --filepath FILEPATH: Absolute path to the required file (required).

    -c, --critical CRITICAL: Critical threshold in kilobytes. Provide as a number without units (for example, 1000 for 1000 KB) (required)

    -w, --warning WARNING: Warning threshold in kilobytes. Provide as a number without units (for example, 500 for 500 KB) (required)

    Usage example:

    commonchecks check-file-size -f C:\ProgramData\ServiceNow\agent-client-collector\config\acc.yml

    Common Checks OK: For File <path to file> size: 4.72 KB is within thresholds

    Event check-file-space

    Measures the size of a file on disk against specified thresholds, returning a CRITICAL, WARNING, or OK event based on the thresholds.

    Note:
    The agent requires read and execute permissions on the file being monitored.
    commonchecks check-file-space (options)

    -f, --filepath FILEPATH: Absolute path to the relevant file (required).

    -c, --critical CRITICAL: Critical threshold in kilobytes. Provided as a number without units (for example, 1000 for 1000 KB) (required)

    -w, --warning WARNING: Warning threshold in kilobytes. Provided as a number without units (for example, 500 for 500 KB) (required)

    -b, --blocksize BLOCKSIZE: Block size in bytes (Default = 4096) (required)

    Usage example:

    commonchecks check-file-space -f C:\ProgramData\ServiceNow\agent-client-collector\config\acc.yml
    Common Checks OK: File <path to file> space: 8.00 KB is within threshold

    Event os.linux.check-directory-size
    Verifies the space allocated for a disk's directory and compares it against specified critical and warning thresholds.
    Note:
    The agent requires read and execute permissions on the directory being monitored.
    linuxchecks check-directory-size (options)

    -d, --dirpath DIRPATH: Absolute path to the directory being checked (required).

    -c, --critical CRITICAL: Critical disk space threshold in kilobytes (required).

    -w, --warning WARNING: Warning disk space threshold in kilobytes (required).

    -t, --timeout TIMEOUT: Maximum time allowed for directory size calculation, specified in seconds (required).

    Usage example:

    linuxchecks check-directory-size -d path/to/directory -c 100 -w 50 -t 30

    Linux Checks CRITICAL: Directory <path to file> size: 500.00 KB exceeds critical threshold 10.00 KB

    Event os.linux.check-directory-space
    Verifies the disk space occupied by directory content. Returns a CRITICAL, WARNING, or OK event based on the comparison with the critical and warning thresholds.
    Note:
    The agent requires read and execute permissions on the directory being monitored.
    linuxchecks check-directory-space (options)

    -d, --dirpath DIRPATH: Absolute path to the directory being checked (required).

    -c, --critical CRITICAL: Critical disk space threshold in kilobytes (required).

    -w, --warning WARNING: Warning disk space threshold in kilobytes (required).

    -t, --timeout TIMEOUT: Maximum time allowed for directory size calculation, specified in seconds (required).

    Usage example:

    linuxchecks check-directory-space -d /path/to/directory -c 10 -w 5 -t 30

    Linux Checks CRITICAL: Directory <path to file> space: 374.00 KB exceeds critical threshold 10.00 KB
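
Added example (not ServiceNow's code): a Python model of the directory-mtime comparison that check-directory-integrity is described as performing in both tables, run against a constructed temporary directory to show which changes move a directory's last-modified time on a POSIX filesystem. The function name `check_directory_integrity`, the scenario names and the sample files are assumptions made for illustration.

```python
import os
import tempfile
import time


def check_directory_integrity(dirpath, interval, now=None):
    """Model of the documented comparison: directory mtime vs. current time."""
    now = time.time() if now is None else now
    age = now - os.stat(dirpath).st_mtime
    return "CRITICAL" if age <= interval else "OK"


def run_scenarios(interval=180):
    """Return the check result after each kind of change (constructed data)."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        conf = os.path.join(d, "app.conf")   # constructed sample file
        sub = os.path.join(d, "sub")         # constructed subdirectory
        with open(conf, "w") as fh:
            fh.write("setting=1\n")
        os.mkdir(sub)

        # Backdate the directory so it looks untouched for an hour.
        old = time.time() - 3600
        os.utime(d, (old, old))
        results["baseline"] = check_directory_integrity(d, interval)

        # Rewrite an existing file: the directory's entry list is unchanged.
        with open(conf, "w") as fh:
            fh.write("setting=2\n")
        results["in_place_edit"] = check_directory_integrity(d, interval)

        # Create a file one level down: only the subdirectory's mtime moves.
        with open(os.path.join(sub, "nested.txt"), "w") as fh:
            fh.write("x\n")
        results["nested_create"] = check_directory_integrity(d, interval)
        results["nested_dir_itself"] = check_directory_integrity(sub, interval)

        # Add an entry directly in the monitored directory.
        with open(os.path.join(d, "new.txt"), "w") as fh:
            fh.write("x\n")
        results["new_entry"] = check_directory_integrity(d, interval)
    return results


if __name__ == "__main__":
    for name, status in run_scenarios().items():
        print(f"{name:18} {status}")
```

A directory's mtime on a POSIX filesystem moves only when an entry is created, deleted or renamed directly inside it, so content changes to existing files and changes in subdirectories need per-file hashing or a check pointed at each subdirectory.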