Directory Scan monitoring default checks and policies

  • Release version: Yokohama
  • Updated January 30, 2025
  • 8 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Directory Scan monitoring default checks and policies

    The Agent Client Collector in ServiceNow Yokohama release provides a set of default monitoring checks and policies specifically designed for Directory Scan operations on both Windows and Linux operating systems. These checks enable customers to monitor directory contents, file attributes, and disk space usage effectively, ensuring timely alerts for critical, warning, or normal states based on predefined thresholds.

    Show full answer Show less

    Key Features

    • Directory File Count: Counts files within a specified directory (excluding subdirectories) and compares against warning and critical thresholds. Supports optional inclusion of hidden files. Requires read and execute permissions on the directory.
    • Directory Integrity: Checks if a directory has been modified within a specified time interval by comparing last modified timestamps. Returns alerts if recent changes are detected.
    • File Age: Monitors the age of specific files by comparing their last modification time with current time, raising alerts if files exceed defined age thresholds.
    • File Response Time: Measures the time taken to read a file and compares it against thresholds to detect performance issues in file access.
    • File Size: Evaluates the actual size of a file against defined kilobyte thresholds and triggers alerts accordingly.
    • File Space: Checks the disk space occupied by a file, considering block size, and compares it to thresholds to monitor storage utilization.
    • Directory Space (Windows): Assesses total disk space used by a directory’s contents, alerting based on configured thresholds.
    • Directory Size and Space (Linux): Similar to Windows checks but tailored for Linux, measuring directory size and disk space usage with alerting capabilities.

    Practical Usage for ServiceNow Customers

    Customers can apply these default checks to proactively monitor directories and files critical to their IT operations. By configuring appropriate warning and critical thresholds, they receive timely notifications on issues like excessive file counts, stale files, slow file access, or disk space constraints. This helps maintain system health, optimize storage, and prevent failures caused by unnoticed file system anomalies.

    Permissions and Requirements

    All checks require the Agent Client Collector to have read and execute permissions on the target directories or files to perform accurate monitoring.

    Examples and Command Options

    The checks offer command-line options to specify paths, thresholds, intervals, and other parameters. Typical usage includes commands like:

    • Counting files: check-directory-file-count.rb -d /path/to/directory -w 50 -c 100
    • Checking directory updates: commonchecks check-directory-integrity -d /path/to/directory -i 180
    • Measuring file size: commonchecks check-file-size -f /path/to/file -w 500 -c 1000
    • Assessing directory space: winchecks check-dir-space -d /path/to/directory -w 500 -c 1000 -t 120 (Windows)
    • Linux directory size check: linuxchecks check-directory-size -d /path/to/directory -w 50 -c 100 -t 30

    Output messages clearly indicate the status (CRITICAL, WARNING, OK) along with relevant details such as counts, sizes, or timestamps.

    Benefits

    • Enables continuous health monitoring of directories and files critical to ServiceNow operations.
    • Provides early warning of potential issues like directory bloat, file staleness, or disk space exhaustion.
    • Supports both Windows and Linux environments with tailored checks.
    • Facilitates automation of file system monitoring, reducing manual oversight.

    The Agent Client Collector provides the following default checks and policies for Directory Scan monitoring.

    Table 1. Windows OS Events - Extended policy
    Type Check Description Usage and Usage Example Output
    Event check-directory-file-count
    Checks the number of files present in a given directory and compares it to the provided warning and critical thresholds. Returns a CRITICAL, WARNING, or OK event based on the critical and warning thresholds.
    Note:
    • Counts the number of files inside the directory, not including files in subdirectories.
    • The agent requires read and execute permissions on the directory being monitored.

    check-directory-file-count.rb (options)

    -d, --dir Absolute path to the directory to count the files (required)

    -w, --warning Warning threshold (required)

    -c, --critical Critical threshold (required)

    -H, include_hidden_files Set active to true to include hidden files while counting (default is false)

    Usage Example:

    check-directory-file-count.rb -d /path/to/directory -w 50 -c 100

    DirectoryFileCount CRITICAL: <path to dir> has 165 files.
    Event check-directory-integrity
    Compares the last modified time of the directory with the current time to determine if any updates have occurred within a defined time interval. Based on this comparison, the check returns a CRITICAL or OK event.
    Note:
    The agent requires read and execute permissions on the directory being monitored.

    commonchecks check-directory-integrity (options)

    -d, --dirpath DIRPATH: Absolute path to the directory to check (required).

    -i, --interval INTERVAL: Time interval in seconds to check for recent updates (required). Default value can be set to 180 seconds.

    Usage example:

    commonchecks check-directory-update -d /path/to/directory -i 180

    		 Common Checks CRITICAL: Directory Integrity: CHANGES DETECTED for <path to file> within the last 180 seconds (Last Modified: Wed, 04 Dec 2024 12:18:55 EST).
    Event check-file-age

    Evaluates the age of a specified file by comparing its last modification time with the current time. Raises an alert if the file exceeds the defined critical or warning age thresholds.

    Note:
    The agent requires read and execute permissions on the file being monitored.
    		 commonchecks check-file-age (options)

    -f, --filepath FILEPATH: Absolute path to the file to check (required).

    -c, --critical CRITICAL: Critical age threshold in minutes for the file (required).

    -w, --warning WARNING: Warning age threshold in minutes for the file (required).

    Usage example:commonchecks check-file-age -f /path/to/file.txt -c 120 -w 60

    		 Common Checks OK: File <path to file> age: 30 minutes.
    Event check-file-response-time
    Compares the time needed to read a specified file and compares it with the critical and warning thresholds. Based on this comparison, the check returns a CRITICAL or OK event.
    Note:
    The agent requires read and execute permissions on the file being monitored.
    		 commonchecks check-file-response-time (options)

    -f, --filepath FILEPATH: Absolute path to the file to check (required).

    -c, --critical CRITICAL: Critical threshold in seconds for file response time (required).

    -w, --warning WARNING: Warning threshold in seconds for file response time (required).

    -t, --timeout TIMEOUT: Maximum time allowed for reading the file content, specified in seconds. Time out value must be greater than the critical threshold value.

    Usage example:commonchecks check-file-response-time -f /var/log/servicenow/agent-client-collector/acc.log -c 10 -w 5 -t 20

    		 Common Checks OK: File read response time: 0.0020 seconds for the file_name: /var/log/servicenow/agent-client-collector/acc.log.
    Event check-file-size

    Measures the size of a file (the actual amount of data it contains) and compares it against specified thresholds. Returns a CRITICAL, WARNING, or OK event based on the comparison of the file size and the thresholds.

    Note:
    The agent requires read and execute permissions on the file being monitored.
    		 commonchecks check-file-size (options)

    -f, --filepath FILEPATH Absolute path to the required file (required).

    -c, --critical CRITICAL. Critical threshold in kilobytes. Provide as a number without units (for example, 1000 for 1000 KB) (required)

    -w, --warning WARNING. Warning threshold in kilobytes. Provide as a number without units (for example, 500 for 500 KB) (required)

    Usage example:commonchecks check-file-size -f C:\ProgramData\ServiceNow\agent-client-collector\config\acc.yml

    		 Common Checks OK: For File <path to file> size: 4.72 KB is within thresholds
    Event check-file-space

    Measures the size of a file on disk against specified thresholds, returning a CRITICAL, WARNING, or OK event based on the thresholds.

    Note:
    The agent requires read and execute permissions on the file being monitored.
    		 commonchecks check-file-space (options)

    -f, --filepath FILEPATH: Absolute path to the relevant file (required).

    -c, --critical CRITICAL: Critical threshold in kilobytes. Provided as a number without units (for example, 1000 for 1000 KB) (required)

    -w, --warning WARNING: Warning threshold in kilobytes. Provided as a number without units (for example, 500 for 500 KB) (required)

    -b, --blocksize BLOCKSIZE: Block size in bytes (Default = 4096) (required)

    Usage example:

    commonchecks check-file-space -f C:\ProgramData\ServiceNow\agent-client-collector\config\acc.yml    		 Common Checks OK: File <path to file> space: 8.00 KB is within threshold
    Event os.windows.check-directory-space Verifies the disk space occupied by a directory's content. Returns a CRITICAL, WARNING, or OK event, based on the comparison with the given critical and warning event severity thresholds.
    Note:
    The agent requires read and execute permissions on the directory being monitored.
    		 winchecks check-dir-space (options)

    -d, --dirpath DIRPATH: Absolute path to the directory being checked (required).

    -c, --critical CRITICAL: Critical disk space threshold in kilobytes (required).

    -w, --warning WARNING: Warning disk space threshold in kilobytes (required).

    -t, --timeout TIMEOUT: Maximum time allowed for directory size calculation, specified in seconds (required).

    Usage example:winchecks check-dir-space -d /path/to/directory -c 1000 -w 500 -t 120

    		 Windows Checks OK: Directory <path to file> space: 369.25 KB is within thresholds
    Table 2. Linux OS Events - Extended policy
    Type Check Description Usage and Usage Example Output
    Event check-directory-file-count
    Checks the number of files present in a given directory and compares it to the provided warning and critical thresholds. Returns a CRITICAL, WARNING, or OK event based on the critical and warning thresholds.
    Note:
    • Counts the number of files inside the directory, not including files in subdirectories.
    • The agent requires read and execute permissions on the directory being monitored.

    check-directory-file-count.rb (options)

    -d, --dir Absolute path to the directory to count the files (required)

    -w, --warning Warning threshold (required)

    -c, --critical Critical threshold (required)

    -H, include_hidden_files Set active to true to include hidden files while counting (default is false)

    Usage Example:

    check-directory-file-count.rb -d /path/to/directory -w 50 -c 100

    DirectoryFileCount CRITICAL: <path to dir> has 165 files.
    Event check-directory-integrity
    Compares the last modified time of the directory with the current time to determine if any updates have occurred within a defined time interval. Based on this comparison, the check returns a CRITICAL or OK event.
    Note:
    The agent requires read and execute permissions on the directory being monitored.

    commonchecks check-directory-integrity (options)

    -d, --dirpath DIRPATH: Absolute path to the directory to check (required).

    -i, --interval INTERVAL: Time interval in seconds to check for recent updates (required). Default value can be set to 180 seconds.

    Usage example:

    commonchecks check-directory-update -d /path/to/directory -i 180

    		 Common Checks CRITICAL: Directory Integrity: CHANGES DETECTED for <path to file> within the last 180 seconds (Last Modified: Wed, 04 Dec 2024 12:18:55 EST).
    Event check-file-age

    Evaluates the age of a specified file by comparing its last modification time with the current time. Raises an alert if the file exceeds the defined critical or warning age thresholds.

    Note:
    The agent requires read and execute permissions on the file being monitored.
    		 commonchecks check-file-age (options)

    -f, --filepath FILEPATH: Absolute path to the file to check (required).

    -c, --critical CRITICAL: Critical age threshold in minutes for the file (required).

    -w, --warning WARNING: Warning age threshold in minutes for the file (required).

    Usage example:commonchecks check-file-age -f /path/to/file.txt -c 120 -w 60

    		 Common Checks OK: File <path to file> age: 30 minutes.
    Event check-file-response-time
    Compares the time needed to read a specified file and compares it with the critical and warning thresholds. Based on this comparison, the check returns a CRITICAL or OK event.
    Note:
    The agent requires read and execute permissions on the file being monitored.
    		 commonchecks check-file-response-time (options)

    -f, --filepath FILEPATH: Absolute path to the file to check (required).

    -c, --critical CRITICAL: Critical threshold in seconds for file response time (required).

    -w, --warning WARNING: Warning threshold in seconds for file response time (required).

    -t, --timeout TIMEOUT: Maximum time allowed for reading the file content, specified in seconds. Time out value must be greater than the critical threshold value.

    Usage example:commonchecks check-file-response-time -f /var/log/servicenow/agent-client-collector/acc.log -c 10 -w 5 -t 20

    		 Common Checks OK: File read response time: 0.0020 seconds for the file_name: /var/log/servicenow/agent-client-collector/acc.log.
    Event check-file-size

    Measures the size of a file (the actual amount of data it contains) and compares it against specified thresholds. Returns a CRITICAL, WARNING, or OK event based on the comparison of the file size and the thresholds.

    Note:
    The agent requires read and execute permissions on the file being monitored.
    		 commonchecks check-file-size (options)

    -f, --filepath FILEPATH Absolute path to the required file (required).

    -c, --critical CRITICAL. Critical threshold in kilobytes. Provide as a number without units (for example, 1000 for 1000 KB) (required)

    -w, --warning WARNING. Warning threshold in kilobytes. Provide as a number without units (for example, 500 for 500 KB) (required)

    Usage example:commonchecks check-file-size -f C:\ProgramData\ServiceNow\agent-client-collector\config\acc.yml

    		 Common Checks OK: For File <path to file> size: 4.72 KB is within thresholds
    Event check-file-space

    Measures the size of a file on disk against specified thresholds, returning a CRITICAL, WARNING, or OK event based on the thresholds.

    Note:
    The agent requires read and execute permissions on the file being monitored.
    		 commonchecks check-file-space (options)

    -f, --filepath FILEPATH: Absolute path to the relevant file (required).

    -c, --critical CRITICAL: Critical threshold in kilobytes. Provided as a number without units (for example, 1000 for 1000 KB) (required)

    -w, --warning WARNING: Warning threshold in kilobytes. Provided as a number without units (for example, 500 for 500 KB) (required)

    -b, --blocksize BLOCKSIZE: Block size in bytes (Default = 4096) (required)

    Usage example:

    commonchecks check-file-space -f C:\ProgramData\ServiceNow\agent-client-collector\config\acc.yml    		 Common Checks OK: File <path to file> space: 8.00 KB is within threshold
    Event os.linux.check-directory-size Verifies the space allocated for a disk's directory and compares it against specified critical and warning thresholds.
    Note:
    The agent requires read and execute permissions on the directory being monitored.
    		 linuxchecks check-directory-size (options)

    -d, --dirpath DIRPATH: Absolute path to the directory being checked (required).

    -c, --critical CRITICAL: Critical disk space threshold in kilobytes (required).

    -w, --warning WARNING: Warning disk space threshold in kilobytes (required).

    -t, --timeout TIMEOUT: Maximum time allowed for directory size calculation, specified in seconds (required).

    Usage example:linuxchecks check-directory-size -d path/to/directory -c 100 -w 50 -t 30

    		 Linux Checks CRITICAL: Directory <path to file> size: 500.00 KB exceeds critical threshold 10.00 KB
    Event os.linux.check-directory-space Verifies the disk space occupied by directory content. Returns a CRITICAL, WARNING, or OK event based on the comparison with the critical and warning thresholds.
    Note:
    The agent requires read and execute permissions on the directory being monitored.
    		 linuxchecks check-directory-space (options)

    -d, --dirpath DIRPATH: Absolute path to the directory being checked (required).

    -c, --critical CRITICAL: Critical disk space threshold in kilobytes (required).

    -w, --warning WARNING: Warning disk space threshold in kilobytes (required).

    -t, --timeout TIMEOUT: Maximum time allowed for directory size calculation, specified in seconds (required).

    Usage example:linuxchecks check-directory-space -d /path/to/directory -c 10 -w 5 -t 30

    		 Linux Checks CRITICAL: Directory <path to file> space: 374.00 KB exceeds critical threshold 10.00 KB